A trusted computing framework attempts to provide high levels of assurance for
general purpose computation. Trusted computing, still a maturing research
field, currently provides four security primitives — attestation, sealed
storage, curtained memory and secure I/O. To provide high assurance levels
amongst distributed, autonomous systems, trusted computing frameworks treat a
machine owner as a potential attacker.

Trusted computing frameworks are characterised by a need for their software to
be closed-source. Ken Thompson’s famous subverted compiler shows that a user’s
trust in software tools may be considered lower when their source is not
examinable.

This thesis proposes required characteristics of a community-developed trusted
computing framework that enables trust in the framework through examination of
the source code, while retaining assurances of security. The functionalities of
a general purpose computing platform are defined, and we propose that a trusted
computing framework should not restrict the usability or functionality of the
general purpose platform to which it is added. Formal definitions of trusted
computing primitives are given, and open problems in trusted computing research
are outlined.

Trusted computing implementations are surveyed and compared against the
definitions proposed earlier. The difficulties of establishing trusted
measurements of software are outlined, as are those of enabling the use of
shared libraries while making a meaningful statement about an application’s
functionality.

A security analysis of the framework implementations of the Trusted Computing
Group and Microsoft is given. Vulnerabilities caused by the implementation of
curtained memory outside the Trusted Computing Base are discussed, and a novel
attack is proposed.

We propose modifications to the Trusted Computing Group specification to enable
curtained execution through integration with an architecture intended to
prevent unauthorised software execution. This integration enables
virtualisation of the Trusted Platform Module, and the benefits this gives are
discussed.