Article

Bootstrapping trust in a "trusted" platform

Author:

Bryan ParnoAuthors Info & Claims

HOTSEC'08: Proceedings of the 3rd conference on Hot topics in security

Article No.: 9, Pages 1 - 6

Published: 29 July 2008 Publication History

Publisher Site

Abstract

For the last few years, many commodity computers have come equipped with a Trusted Platform Module (TPM). Existing research shows that the TPM can be used to establish trust in the software executing on a computer. However, at present, there is no standard mechanism for establishing trust in the TPM on a particular machine. Indeed, any straightforward approach falls victim to a cuckoo attack. In this work, we propose a formal model for establishing trust in a platform. The model reveals the cuckoo attack problem and suggests potential solutions. Unfortunately, no instantiation of these solutions is fully satisfying, and hence, we pose the development of a fully satisfactory solution as an open question to the community.

References

[1]

B. Acohido and J. Swartz. Unprotected PCs can be hijacked in minutes. USA Today, Nov. 2004.

Google Scholar

[2]

A. Alkassar, C. Stüble, and A.-R. Sadeghi. Secure object identication or: Solving the chess grandmaster problem. In Proceedings of the New Security Paradigm Workshow (NSPW), 2003.

Digital Library

Google Scholar

[3]

S. Brands and D. Chaum. Distance-bounding protocols. In EUROCRYPT , 1994.

Digital Library

Google Scholar

[4]

S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn, and X. Zhang. Trustworthy and personalized computing on public kiosks. To Appear in Proceedings of MobiSys, 2008.

Digital Library

Google Scholar

[5]

P. Lang. Flash the Intel BIOS with confidence. Intel Developer UPDATE Magazine, Mar. 2002.

Google Scholar

[6]

J. LeClaire. Apple ships iPods with Windows virus. Mac News World, Oct. 2006.

Google Scholar

[7]

J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proceedings of EuroSys, Apr. 2008.

Digital Library

Google Scholar

[8]

J.M. McCune, A. Perrig, and M. K. Reiter. Seeing is believing: Using camera phones for human-verifiable authentication. In Proceedings of IEEE Symposium on Security and Privacy, May 2005.

Digital Library

Google Scholar

[9]

R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of USENIX Security Symposium, Aug. 2004.

Digital Library

Google Scholar

[10]

A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In Proceedings of SOSP, Oct. 2005.

Digital Library

Google Scholar

[11]

S. Smith and S. Weingart. Building a high-performance, programmable secure coprocessor. Computer Networks, 31, 1999.

Digital Library

Google Scholar

[12]

Sophos. Best Buy digital photo frames ship with computer virus, Jan. 2008.

Google Scholar

[13]

Trusted Computing Group. Trusted platform module main specification. Version 1.2, Revision 103, July 2007.

Google Scholar

Cited By

View all

Pontes DSilva FFalcão EBrito A(2023)Attesting AMD SEV-SNP Virtual Machines with SPIREProceedings of the 12th Latin-American Symposium on Dependable and Secure Computing10.1145/3615366.3615419(1-10)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3615366.3615419
Gregor FKrahn RQuoc DFetzer C(2023)SinClaveProceedings of the 24th International Middleware Conference10.1145/3590140.3629107(85-97)Online publication date: 27-Nov-2023
https://dl.acm.org/doi/10.1145/3590140.3629107
Bradbury MPrince DMarcinkiewicz VWatson T(2022)Attributes and Dimensions of Trust in Secure SystemsProceedings of the 12th International Conference on the Internet of Things10.1145/3567445.3571105(179-186)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3567445.3571105
Show More Cited By

Index Terms

Bootstrapping trust in a "trusted" platform
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Bootstrapping Trust in a "Trusted" Virtualized Platform
CYSARM'19: Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race

The Trusted Platform Module (TPM) can be used to establish trust in the software configuration of a computer. Virtualizing the TPM is a logical next step towards building trusted cloud environments and providing a virtual TPM to a virtual machine ...
Benevolence trust: a key determinant of user continuance use of online social networks

Online social networking (OSN) has attracted increased attention and growing membership in recent years. In this paper, we propose and test an extended and unified theory of acceptance and use of technology (UTAUT) model, including the additional areas ...
Trusted Boot and Platform Trust Services on 1CD Linux
APTC '08: Proceedings of the 2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference

We developed 1CD Linux which shows the benefit of trusted computing. It includes Trusted Boot and Platform Trust Services, which use a secure chip "TPM" and are hardware rooted trust. The integrity of platform and vulnerability of packages are verified ...

Comments

Information & Contributors

Information

Published In

HOTSEC'08: Proceedings of the 3rd conference on Hot topics in security

July 2008

75 pages

Program Chair:
Niels Provos
Google

Publisher

USENIX Association

United States

Publication History

Published: 29 July 2008

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

36
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Pontes DSilva FFalcão EBrito A(2023)Attesting AMD SEV-SNP Virtual Machines with SPIREProceedings of the 12th Latin-American Symposium on Dependable and Secure Computing10.1145/3615366.3615419(1-10)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3615366.3615419
Gregor FKrahn RQuoc DFetzer C(2023)SinClaveProceedings of the 24th International Middleware Conference10.1145/3590140.3629107(85-97)Online publication date: 27-Nov-2023
https://dl.acm.org/doi/10.1145/3590140.3629107
Bradbury MPrince DMarcinkiewicz VWatson T(2022)Attributes and Dimensions of Trust in Secure SystemsProceedings of the 12th International Conference on the Internet of Things10.1145/3567445.3571105(179-186)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3567445.3571105
Wang WDeng SNiu JReiter MZhang YYin HStavrou ACremers CShi E(2022)ENGRAFTProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560639(2841-2855)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560639
Galanou AGregor FKapitza RFetzer CBellavista PZhang KGherbi ABagchi SPatiño MDi Modica GGascon-Samson J(2022)MATEEProceedings of the 23rd ACM/IFIP International Middleware Conference10.1145/3528535.3565239(121-134)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3528535.3565239
Kostiainen KDhar ACapkun S(2020)Dedicated Security Chips in the Age of Secure EnclavesIEEE Security and Privacy10.1109/MSEC.2020.299023018:5(38-46)Online publication date: 3-Sep-2020
https://dl.acm.org/doi/10.1109/MSEC.2020.2990230
Chakraborty DHanzlik LBugiel SHeninger NTraynor P(2019)simTPMProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361376(533-550)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361376
Lauer HSakzad ARudolph CNepal SChen LMitchell CGiannetsos TSgandurra D(2019)Bootstrapping Trust in a "Trusted" Virtualized PlatformProceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race10.1145/3338511.3357347(11-22)Online publication date: 15-Nov-2019
https://dl.acm.org/doi/10.1145/3338511.3357347
Valente JBahirat KVenechanos KCardenas ABalakrishnan P(2019)Improving the Security of Visual ChallengesACM Transactions on Cyber-Physical Systems10.1145/33311833:3(1-26)Online publication date: 31-Aug-2019
https://dl.acm.org/doi/10.1145/3331183
Feng WQin YFeng D(2018)Using mobile phones to enhance computing platform trustTelecommunications Systems10.1007/s11235-018-0456-y69:2(187-205)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s11235-018-0456-y
Show More Cited By

Abstract

References

Cited By

Index Terms

Recommendations

Bootstrapping Trust in a "Trusted" Virtualized Platform

Benevolence trust: a key determinant of user continuance use of online social networks

Trusted Boot and Platform Trust Services on 1CD Linux

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations