reducing trust domain with txt n.
Download
Skip this Video
Download Presentation
Reducing Trust Domain with TXT

Loading in 2 Seconds...

play fullscreen
1 / 6

Reducing Trust Domain with TXT - PowerPoint PPT Presentation


  • 115 Views
  • Uploaded on

Reducing Trust Domain with TXT. Daniel De Graaf. TXT overview. Original TPM – Static Root of Trust BIOS, all boot ROMs, bootloader, hypervisor, OS TPM 1.2 – dynamic root of trust Hypervisor startup (Xen) Normal OS startup (Linux). Application Trust. Standard system Kernel and hypervisor

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Reducing Trust Domain with TXT' - gabi


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
txt overview
TXT overview
  • Original TPM – Static Root of Trust
    • BIOS, all boot ROMs, bootloader, hypervisor, OS
  • TPM 1.2 – dynamic root of trust
    • Hypervisor startup (Xen)
    • Normal OS startup (Linux)
application trust
Application Trust
  • Standard system
    • Kernel and hypervisor
    • All root processes (those with debug capabilities)
    • All processes with same UID
  • Reduced system
    • Kernel
    • TSS daemon (verifies application)
trusted process launch
Trusted Process Launch
  • Notify TSS daemon (attach request)
  • Execute trusted application
  • TSS inspects memory map
  • Continue launch
    • Shared libraries must be checked by application
    • Stack (argv/environ) and heap are not checked
attestation information
Attestation Information
  • Virtual memory mappings
    • Program “text” and BSS (data)
    • Dynamic linker (if used)
  • TSS signature
    • Dedicated PCR for signatures (random value)
    • Performed by TSS upon application request
test application
Test Application
  • SSL server with built-in public key
  • Signed client certificates
  • Server authentication provided by TPM
    • TPM Quote of: app hash, client cert hash, nonce
    • Secure if client cert is secure
  • Trusted Storage needed for normal SSL