Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reducing Trust Domain with TXT Daniel De Graaf. TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM.

Published byKristian O’Connor’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Reducing Trust Domain with TXT Daniel De Graaf. TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM."— Presentation transcript:

1 Reducing Trust Domain with TXT Daniel De Graaf

2 TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM 1.2 – dynamic root of trust – Hypervisor startup (Xen) – Normal OS startup (Linux)

3 Application Trust Standard system – Kernel and hypervisor – All root processes (those with debug capabilities) – All processes with same UID Reduced system – Kernel – TSS daemon (verifies application)

4 Trusted Process Launch 1.Notify TSS daemon (attach request) 2.Execute trusted application 3.TSS inspects memory map 4.Continue launch – Shared libraries must be checked by application – Stack (argv/environ) and heap are not checked

5 Attestation Information Virtual memory mappings – Program “text” and BSS (data) – Dynamic linker (if used) TSS signature – Dedicated PCR for signatures (random value) – Performed by TSS upon application request

6 Test Application SSL server with built-in public key Signed client certificates Server authentication provided by TPM – TPM Quote of: app hash, client cert hash, nonce – Secure if client cert is secure Trusted Storage needed for normal SSL

Download ppt "Reducing Trust Domain with TXT Daniel De Graaf. TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Ian Pratt SVP, Products Bromium Inc.

Ian Pratt SVP, Products Bromium Inc.
Trusted Platform Module

Trusted Platform Module
Vpn-info.com.

Vpn-info.com.
Secure storage Papers AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista Niels Ferguson, Microsoft,

Secure storage Papers AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista Niels Ferguson, Microsoft,
Tony Mangefeste Senior Program Manager Microsoft Corporation SYS-462T.

Tony Mangefeste Senior Program Manager Microsoft Corporation SYS-462T.
Securing OpenStack with Intel Trusted Computing OpenStack Summit Atlanta 2014 12 May 2014 Christian Huebner Cloud Architect

Securing OpenStack with Intel Trusted Computing OpenStack Summit Atlanta May 2014 Christian Huebner Cloud Architect
Analysis of Remote Attestation Lavina Jain, Jayesh Vyas.

Analysis of Remote Attestation Lavina Jain, Jayesh Vyas.
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.

Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
Malware resistance. Outline Preliminaries –Virtual Address Layout –Stack Layout –Verification Problem Remote Attestation –Methods –Code Injection Interrupts.

Malware resistance. Outline Preliminaries –Virtual Address Layout –Stack Layout –Verification Problem Remote Attestation –Methods –Code Injection Interrupts.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
TrustVisor: Efficient TCB Reduction and Attestation Jonathan M

TrustVisor: Efficient TCB Reduction and Attestation Jonathan M
Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.

Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

Similar presentations

Ads by Google