Reducing Trust Domain with TXT. Daniel De Graaf.


Reducing Trust Domain with TXT Daniel De Graaf

TXT overview
Original TPM
  – Static Root of Trust
  – BIOS, all boot ROMs, bootloader, hypervisor, OS
TPM 1.2
  – Dynamic root of trust
  – Hypervisor startup (Xen)
  – Normal OS startup (Linux)

Application Trust
Standard system
  – Kernel and hypervisor
  – All root processes (those with debug capabilities)
  – All processes with same UID
Reduced system
  – Kernel
  – TSS daemon (verifies application)

Trusted Process Launch
1. Notify TSS daemon (attach request)
2. Execute trusted application
3. TSS inspects memory map
4. Continue launch
  – Shared libraries must be checked by application
  – Stack (argv/environ) and heap are not checked

Attestation Information
Virtual memory mappings
  – Program “text” and BSS (data)
  – Dynamic linker (if used)
TSS signature
  – Dedicated PCR for signatures (random value)
  – Performed by TSS upon application request
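The division of responsibility on the Trusted Process Launch and Attestation Information slides, as an added example that is not code from the presentation: it parses a map in Linux `/proc/<pid>/maps` format and sorts each mapping into what the TSS daemon covers, what is left to the application, and what is not checked. The sample map, its paths, the linker-name heuristic and the function names are assumptions made for illustration.

```python
import re

DAEMON = "checked by TSS daemon"       # program text/data, BSS, dynamic linker
APP = "left to application"            # shared libraries
UNCHECKED = "not checked"              # stack, heap, other anonymous memory

# Constructed sample in /proc/<pid>/maps format (hypothetical paths/addresses).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1311 /opt/demo/sslserver
00651000-00653000 rw-p 00051000 08:01 1311 /opt/demo/sslserver
00653000-00658000 rw-p 00000000 00:00 0
01a2c000-01a4d000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a101b8000 r-xp 00000000 08:01 2204 /lib/x86_64-linux-gnu/libc-2.19.so
7f3a103c0000-7f3a103e3000 r-xp 00000000 08:01 2190 /lib/x86_64-linux-gnu/ld-2.19.so
7f3a105e2000-7f3a105e4000 rw-p 00022000 08:01 2190 /lib/x86_64-linux-gnu/ld-2.19.so
7ffd2c1e0000-7ffd2c201000 rw-p 00000000 00:00 0 [stack]
"""

LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) (\S+) (\d+)\s*(.*)$")
LINKER = re.compile(r"^ld[-.].*so")    # assumption: ld-*.so / ld.so.* naming


def classify(maps_text, exe_path):
    """Return (start, end, perms, path, category) for every mapping."""
    out, prev_end, prev_file_checked = [], None, False
    for raw in maps_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        start, end = int(m[1], 16), int(m[2], 16)
        perms, path = m[3], m[7]
        if path == exe_path:
            cat = DAEMON
        elif path.startswith("/") and LINKER.match(path.rsplit("/", 1)[1]):
            cat = DAEMON
        elif path.startswith("/"):
            cat = APP
        elif not path and prev_file_checked and start == prev_end:
            cat = DAEMON               # anonymous tail of a checked image: BSS
        else:
            cat = UNCHECKED            # [stack], [heap], unrelated anonymous
        out.append((start, end, perms, path, cat))
        prev_end = end
        prev_file_checked = cat == DAEMON and bool(path)
    return out


if __name__ == "__main__":
    for start, end, perms, path, cat in classify(SAMPLE_MAPS, "/opt/demo/sslserver"):
        print(f"{start:012x}-{end:012x} {perms} {path or '(anonymous)':40} {cat}")
```

The BSS case is the one worth noticing: it has no file name in the map, so it is recognised only by being anonymous and contiguous with the end of a checked image.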

Test Application
SSL server with built-in public key
Signed client certificates
Server authentication provided by TPM
  – TPM Quote of: app hash, client cert hash, nonce
  – Secure if client cert is secure
Trusted Storage needed for normal SSL