Bear: An Open-Source Virtual Secure Coprocessor based on TCPA
نویسندگان
چکیده
This paper reports on our ongoing project to use TCPA to transform a desktop Linux machine into a virtual secure coprocessor: more powerful but less secure than higher-end devices. We use TCPA hardware and modified boot loaders to protect fairly static components, such as a trusted kernel; we use an enforcer module—configured as Linux Security Module—to protected more dynamic system components; we use an encrypted loopback filesystem to protect highly dynamic components. All our code is open source and available under GPL from http://enforcer.sourceforge.net/.
منابع مشابه
Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear
Over the last few years, our group has been working on applications of secure coprocessors—but has been frustrated by the limited computational environment and high expense of such devices. Over the last few years, the TCPA (now TCG) has produced a specification for a trusted platform module (TPM)—a small hardware addition intended to improve the overall security of a larger machine (and tied u...
متن کاملBridging the Gap between TCPA/Palladium and Personal Security
Microsoft Palladium (Pd) and TCPA are announced to be the next-generation computing platforms, and claimed to improve users’ security. However, the public debate on TCPA/Pd is full of skepticism and mistrust about the claimed security enhancements for the users. People are concerned about those features and capabilities of these systems that can be applied to realize Digital Rights Management: ...
متن کاملTaming "Trusted Platforms" by Operating System Design
Experiences of the past have shown that common computing platforms lack security due to architectural problems and complexity. In this context, Microsoft Palladium (Pd) and TCPA are announced to be the next-generation computing platforms, and claimed to improve users’ security. However, people are concerned about those capabilities of TCPA/Pd that may allow content providers to gain too much po...
متن کاملSecurity in Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore
Some members of the open-source and free software community argue that their code is more secure, because vulnerabilities are easier for users to find and fix. Meanwhile the proprietary vendor community maintains that access to source code rather makes things easier for the attackers. In this paper, I argue that this is the wrong way to approach the interaction between security and the openness...
متن کاملValidating a High-Performance, Programmable Secure Coprocessor
This paper details our experiences with successfully validating a trusted device at FIPS 140-1 Level 4—earning the world’s first certificate at this highest level. Over the last several years, our group designed and built a physically secure PCI card (the IBM 4758 [5]) containing a general-purpose processor with crypto support. However, for this device to function as a trusted platform for secu...
متن کامل