Towards an Open Trusted Computing Framework

MSc Thesis, February 2005
Matthew Barrett

Abstract

A trusted computing framework attempts to provide high levels of assurance for general purpose computation. Trusted computing, still a maturing research field, currently provides four security primitives — attestation, sealed storage, curtained memory and secure I/O. To provide high assurance levels amongst distributed, autonomous systems, trusted computing frameworks treat a machine owner as a potential attacker.

Trusted computing frameworks are characterised by a need for their software to be closed-source. Ken Thompson’s famous subverted-compiler shows that a user’s trust in software tools may be considered lower when their source is not examinable.

This thesis proposes required characteristics of a community-developed trusted computing framework that enables trust in the framework through examination of the source code, while retaining assurances of security. The functionalities of a general purpose computing platform are defined, and we propose that a trusted computing framework should not restrict the usability or functionality of the general purpose platform to which it is added. Formal definitions of trusted computing primitives are given, and open problems in trusted computing research are outlined.

Trusted computing implementations are surveyed, and compared against the definitions proposed earlier. Difficulties in establishing trusted measurements of software are outlined, as well as enabling the use of shared libraries while making a meaningful statement about an application’s functionality.

A security analysis of framework implementations of the Trusted Computing Group and Microsoft are given. Vulnerabilities caused by the implementation of curtained memory outside the Trusted Computing Base are discussed, and a novel attack is proposed.

We propose modifications to the Trusted Computing Group specification to enable curtained execution through integration with an architecture intended to prevent unauthorised software execution. This integration enables virtualisation of the Trusted Platform Module, and the benefits this gives are discussed.