SlideShare a Scribd company logo

Trusted Computing Base

Vasily Sartakov
Vasily Sartakov

The lecture by Sartakov A. Vasily for Summer Systems School'12. Brief introduction to Trusted Computing. SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security. 1. http://ksyslabs.org/

Education
1 of 13
Download to read offline
TCB – Trusted Computing Base четверг, 26 июля 12 г.
• The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system. • By contrast, parts of a computer system outside the TCB must not be able to breach the security policy and may not get any more privileges than are granted to them in accordance to the security policy. 2 четверг, 26 июля 12 г.
Trusted Computing: basic idea • Addition of security hardware functionality to a computer system to compensate for insecure software • Enables external entities to have increased level of trust that the system will perform as expected/specified • Trusted platform = a computing platform with a secure hardware component that forms a security foundation for software processes • Trusted Computing = computing on a Trusted Platform 3 четверг, 26 июля 12 г.
Trusted Hardware Examples 4 четверг, 26 июля 12 г.
Characteristics of Trusted Hardware • Physically secure module • Environmental monitoring (temperature, power supply, structural integrity) • Tamper responsive • Optimized hardware support for cryptography • I/O interface 5 четверг, 26 июля 12 г.
Trusted Hardware – Example • IBM 4764 Secure Coprocessor 6 четверг, 26 июля 12 г.
IBM 4764 Application Example 7 четверг, 26 июля 12 г.
TCG (Trusted Computing Group) History & Evolution • October 1999: TCPA formed – Trusted Computing Platform Alliance – Founders: IBM, HP, Compaq, Intel and Microsoft • 2001: 1st TPM specification released – Trusted Platform Module • 2002: TCPA becomes TCG – Trusted Computing Group – Not-for-profitindustrystandardsorganization • 2003: TPM specification adopted by TCG – Currently TPM specification 1.2 • 2010: Reduced interest – TPM has failed to meet industry expectations 8 четверг, 26 июля 12 г.
Trusted Platform Module (TPM) • Hardware module at heart of hardware / software approach to trusted computing • Protected memory (key storage, platform configuration metrics) • TPM chip mounted on motherboard, • Supports 3 basic services: – Secure / authenticated boot, – Remote attestation, allows remote party to verify platform state – Sealed storage / encryption, makes decryption depend on platform state 9 четверг, 26 июля 12 г.
TCG supports two modes of booting • Secure boot – the platform owner can define expected (trusted) PCR values that are stored in special non-volatile Data Integrity Registers (DIR) in the TPM. – If a PCR value does not match the expected value for that stage of the boot process, TPM can signal a boot termination request. • Authenticated boot – does not check measured values against expected values – just records in PCRs 10 четверг, 26 июля 12 г.
TPM – A Passive Security Enabler • Note that TPM is passive: – It doesn’t decide which software can and can’t run. – It provides a way to reliably report the post-boot state of the platform – TCG aware application or OS can be designed to not start unless platform is in a particular state (no malware etc) – TCG aware application or OS can be designed to require a TPM mediated online authorisation from a vendor before starting (check for current license etc.): • TCG can be used to build systems where somebody else decides whether software can or can’t run • TCG does not provide this functionality – it merely enables it 11 четверг, 26 июля 12 г.
TPM Architecture Processor Endorsement K. Hash engine Storage Root Key RSA Key gen. Non-Volatile memory RSA Signing and encryptyon PCR RND generator Loaded Keys Processor Volatile memory 12 четверг, 26 июля 12 г.
Attestation Identity Key (AIK) Endorsement Key (EK) AIKs are used to provide platform The Endorsement Key (EK) is a public/private authentication to a service provider. This is key-pair. The size of the key-pair is mandated to also called pseudo-anonymous have a modulus (a.k.a. key size) of 2048 bits. authentication and is different from user The private component of the key-pair is authentication. Refer to the section on generated within the TPM and is never exposed attestation under usage models for an outside the TPM. illustration of how AIKs are obtained. Certificates: The Endorsement Cert contains the public key of the EK. The purpose of the Endorsement Cert * RSA / AES / SHA-1 / GOST is to provide attestation that the particular TPM * Import banned in: is genuine, i.e. that the EK is protected. Russia The Platform Cert is provided by the platform China vendor and provides attestation that the security Kazakhstan components of the platform are genuine. Belarus The Conformance Cert is provided by the platform vendor or an evaluation lab. It provides attestation by an accredited party as to the security properties of the platform. четверг, 26 июля 12 г.

Recommended

Trusted Platform Module (TPM)
Trusted Platform Module (TPM)Trusted Platform Module (TPM)
Trusted Platform Module (TPM)k33a
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
 
Practical Trusted Platform Module (TPM2) Programming
Practical Trusted Platform Module (TPM2) ProgrammingPractical Trusted Platform Module (TPM2) Programming
Practical Trusted Platform Module (TPM2) ProgrammingBrandon Arvanaghi
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptxChrisaldyChandra
 
AMD Ryzen CPU Zen Cores Architecture
AMD Ryzen CPU Zen Cores ArchitectureAMD Ryzen CPU Zen Cores Architecture
AMD Ryzen CPU Zen Cores ArchitectureLow Hong Chuan
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1Linaro
 

Recommended

Trusted Platform Module (TPM)
Trusted Platform Module (TPM)Trusted Platform Module (TPM)
Trusted Platform Module (TPM)k33a
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
 
Practical Trusted Platform Module (TPM2) Programming
Practical Trusted Platform Module (TPM2) ProgrammingPractical Trusted Platform Module (TPM2) Programming
Practical Trusted Platform Module (TPM2) ProgrammingBrandon Arvanaghi
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptxChrisaldyChandra
 
AMD Ryzen CPU Zen Cores Architecture
AMD Ryzen CPU Zen Cores ArchitectureAMD Ryzen CPU Zen Cores Architecture
AMD Ryzen CPU Zen Cores ArchitectureLow Hong Chuan
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1Linaro
 
UML Profile for DDS
UML Profile for DDSUML Profile for DDS
UML Profile for DDSAngelo Corsaro
 
IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveIBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveShradha Nayak Thakare
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMLinaro
 
SpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedSpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedWill Schroeder
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...xKinAnx
 
Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2infosecedu
 
Expert Day 2019 - SUSE Linux Enterprise 15
Expert Day 2019 - SUSE Linux Enterprise 15Expert Day 2019 - SUSE Linux Enterprise 15
Expert Day 2019 - SUSE Linux Enterprise 15SUSE
 
Security in Embedded systems
Security in Embedded systems Security in Embedded systems
Security in Embedded systems Naveen Jakhar, I.T.S
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]RootedCON
 
Ntlm Unsafe
Ntlm UnsafeNtlm Unsafe
Ntlm UnsafeGuang Ying Yuan
 
LFCollab14: Xen vs Xen Automotive
LFCollab14: Xen vs Xen AutomotiveLFCollab14: Xen vs Xen Automotive
LFCollab14: Xen vs Xen AutomotiveThe Linux Foundation
 
Secure boot general
Secure boot generalSecure boot general
Secure boot generalPrabhu Swamy
 
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi..."Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...Edge AI and Vision Alliance
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022MichaelM85042
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted ComputingOWASP
 
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUs
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUsAMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUs
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUsAMD
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM VirtualizationMarcel Winandy
 
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...Shakacon
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Aananth C N
 
Introduction To Linux Kernel Modules
Introduction To Linux Kernel ModulesIntroduction To Linux Kernel Modules
Introduction To Linux Kernel Modulesdibyajyotig
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
 
Trusted computing introduction and technical overview
Trusted computing introduction and technical overviewTrusted computing introduction and technical overview
Trusted computing introduction and technical overviewSajid Marwat
 

More Related Content

What's hot

IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveIBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveShradha Nayak Thakare
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMLinaro
 
SpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedSpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedWill Schroeder
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...xKinAnx
 
Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2infosecedu
 
Expert Day 2019 - SUSE Linux Enterprise 15
Expert Day 2019 - SUSE Linux Enterprise 15Expert Day 2019 - SUSE Linux Enterprise 15
Expert Day 2019 - SUSE Linux Enterprise 15SUSE
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]RootedCON
 
Secure boot general
Secure boot generalSecure boot general
Secure boot generalPrabhu Swamy
 
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi..."Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...Edge AI and Vision Alliance
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022MichaelM85042
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted ComputingOWASP
 
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUs
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUsAMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUs
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUsAMD
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM VirtualizationMarcel Winandy
 
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...Shakacon
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Aananth C N
 
Introduction To Linux Kernel Modules
Introduction To Linux Kernel ModulesIntroduction To Linux Kernel Modules
Introduction To Linux Kernel Modulesdibyajyotig
 

What's hot (20)

UML Profile for DDS
UML Profile for DDSUML Profile for DDS
UML Profile for DDS
 
IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveIBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep Dive
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
 
SpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedSpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting Revisisted
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
 
Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2
 
Expert Day 2019 - SUSE Linux Enterprise 15
Expert Day 2019 - SUSE Linux Enterprise 15Expert Day 2019 - SUSE Linux Enterprise 15
Expert Day 2019 - SUSE Linux Enterprise 15
 
Security in Embedded systems
Security in Embedded systems Security in Embedded systems
Security in Embedded systems
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]
 
Ntlm Unsafe
Ntlm UnsafeNtlm Unsafe
Ntlm Unsafe
 
LFCollab14: Xen vs Xen Automotive
LFCollab14: Xen vs Xen AutomotiveLFCollab14: Xen vs Xen Automotive
LFCollab14: Xen vs Xen Automotive
 
Secure boot general
Secure boot generalSecure boot general
Secure boot general
 
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi..."Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...
"Embedded Vision Made Smart: Introduction to the HALCON Embedded Machine Visi...
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing
 
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUs
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUsAMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUs
AMD Radeon™ RX 5700 Series 7nm Energy-Efficient High-Performance GPUs
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM Virtualization
 
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+
 
Introduction To Linux Kernel Modules
Introduction To Linux Kernel ModulesIntroduction To Linux Kernel Modules
Introduction To Linux Kernel Modules
 

Viewers also liked

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
 
Trusted computing introduction and technical overview
Trusted computing introduction and technical overviewTrusted computing introduction and technical overview
Trusted computing introduction and technical overviewSajid Marwat
 
Технологии Интел по обеспечению безопасности корпоративных пользователей.
Технологии Интел по обеспечению безопасности корпоративных пользователей. Технологии Интел по обеспечению безопасности корпоративных пользователей.
Технологии Интел по обеспечению безопасности корпоративных пользователей.Cisco Russia
 
Cisco ASA CX - новый прикладной МСЭ
Cisco ASA CX - новый прикладной МСЭCisco ASA CX - новый прикладной МСЭ
Cisco ASA CX - новый прикладной МСЭCisco Russia
 
NeoQUEST: Tpm.txt.на что способно заморское железо
NeoQUEST: Tpm.txt.на что способно заморское железоNeoQUEST: Tpm.txt.на что способно заморское железо
NeoQUEST: Tpm.txt.на что способно заморское железоNeo_QUEST
 
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...Byeongseok Yu
 
Introduction to Trusted Computing
Introduction to Trusted ComputingIntroduction to Trusted Computing
Introduction to Trusted ComputingMaksim Djackov
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to MicrokernelsVasily Sartakov
 
RnD Collaborations in Asia-Pacific Region
RnD Collaborations in Asia-Pacific RegionRnD Collaborations in Asia-Pacific Region
RnD Collaborations in Asia-Pacific RegionVasily Sartakov
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
NXP presentation at Secure Identifications 2016
NXP presentation at Secure Identifications 2016NXP presentation at Secure Identifications 2016
NXP presentation at Secure Identifications 2016Ihar Bayarenka
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
CISA exam 100 practice question
CISA exam 100 practice questionCISA exam 100 practice question
CISA exam 100 practice questionArshad A Javed
 
Presentation on Total Productive Maintenance
Presentation on Total Productive MaintenancePresentation on Total Productive Maintenance
Presentation on Total Productive MaintenanceMahendra K SHUKLA
 
NFC And HCE 2016 - What’s Next?
NFC And HCE 2016 - What’s Next?NFC And HCE 2016 - What’s Next?
NFC And HCE 2016 - What’s Next?NFC Forum
 
Why TPM in Automotive?
Why TPM in Automotive?Why TPM in Automotive?
Why TPM in Automotive?Alan Tatourian
 
Securite et surete maritime
Securite et surete maritime Securite et surete maritime
Securite et surete maritimeRabah HELAL
 
NLCMG - Performance is good, Understanding performance is better
NLCMG - Performance is good, Understanding performance is better NLCMG - Performance is good, Understanding performance is better
NLCMG - Performance is good, Understanding performance is better nlwebperf
 
A Little Pumpkin Likes Reading Books
A Little Pumpkin Likes Reading BooksA Little Pumpkin Likes Reading Books
A Little Pumpkin Likes Reading BooksPEPY Empowering Youth
 

Viewers also liked (20)

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
 
Trusted computing introduction and technical overview
Trusted computing introduction and technical overviewTrusted computing introduction and technical overview
Trusted computing introduction and technical overview
 
Технологии Интел по обеспечению безопасности корпоративных пользователей.
Технологии Интел по обеспечению безопасности корпоративных пользователей. Технологии Интел по обеспечению безопасности корпоративных пользователей.
Технологии Интел по обеспечению безопасности корпоративных пользователей.
 
Cisco ASA CX - новый прикладной МСЭ
Cisco ASA CX - новый прикладной МСЭCisco ASA CX - новый прикладной МСЭ
Cisco ASA CX - новый прикладной МСЭ
 
NeoQUEST: Tpm.txt.на что способно заморское железо
NeoQUEST: Tpm.txt.на что способно заморское железоNeoQUEST: Tpm.txt.на что способно заморское железо
NeoQUEST: Tpm.txt.на что способно заморское железо
 
Fedoseev Sofs
Fedoseev SofsFedoseev Sofs
Fedoseev Sofs
 
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Plat...
 
Introduction to Trusted Computing
Introduction to Trusted ComputingIntroduction to Trusted Computing
Introduction to Trusted Computing
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to Microkernels
 
RnD Collaborations in Asia-Pacific Region
RnD Collaborations in Asia-Pacific RegionRnD Collaborations in Asia-Pacific Region
RnD Collaborations in Asia-Pacific Region
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
 
NXP presentation at Secure Identifications 2016
NXP presentation at Secure Identifications 2016NXP presentation at Secure Identifications 2016
NXP presentation at Secure Identifications 2016
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
CISA exam 100 practice question
CISA exam 100 practice questionCISA exam 100 practice question
CISA exam 100 practice question
 
Presentation on Total Productive Maintenance
Presentation on Total Productive MaintenancePresentation on Total Productive Maintenance
Presentation on Total Productive Maintenance
 
NFC And HCE 2016 - What’s Next?
NFC And HCE 2016 - What’s Next?NFC And HCE 2016 - What’s Next?
NFC And HCE 2016 - What’s Next?
 
Why TPM in Automotive?
Why TPM in Automotive?Why TPM in Automotive?
Why TPM in Automotive?
 
Securite et surete maritime
Securite et surete maritime Securite et surete maritime
Securite et surete maritime
 
NLCMG - Performance is good, Understanding performance is better
NLCMG - Performance is good, Understanding performance is better NLCMG - Performance is good, Understanding performance is better
NLCMG - Performance is good, Understanding performance is better
 
A Little Pumpkin Likes Reading Books
A Little Pumpkin Likes Reading BooksA Little Pumpkin Likes Reading Books
A Little Pumpkin Likes Reading Books
 

Similar to Trusted Computing Base

Trusted Computing security _platform.ppt
Trusted Computing security _platform.pptTrusted Computing security _platform.ppt
Trusted Computing security _platform.pptnaghamallella
 
Trusted Computing _plate form_ model.ppt
Trusted Computing _plate form_ model.pptTrusted Computing _plate form_ model.ppt
Trusted Computing _plate form_ model.pptnaghamallella
 
Abbie Barbir Tcg Final
Abbie Barbir Tcg FinalAbbie Barbir Tcg Final
Abbie Barbir Tcg FinalAbbie Barbir
 
trusted computing platform alliancee.ppt
trusted computing platform alliancee.ppttrusted computing platform alliancee.ppt
trusted computing platform alliancee.pptnaghamallella
 
Trusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .pptTrusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .pptnaghamallella
 
Confidential Computing in Azure - SlideShare Ed Dec 2022.pptx
Confidential Computing in Azure - SlideShare Ed Dec 2022.pptxConfidential Computing in Azure - SlideShare Ed Dec 2022.pptx
Confidential Computing in Azure - SlideShare Ed Dec 2022.pptxCarlo Sacchi
 
DYNAMIC ROOT OF TRUST AND CHALLENGES
DYNAMIC ROOT OF TRUST AND CHALLENGESDYNAMIC ROOT OF TRUST AND CHALLENGES
DYNAMIC ROOT OF TRUST AND CHALLENGESijsptm
 
Shytikov on NTLM Authentication
Shytikov on NTLM AuthenticationShytikov on NTLM Authentication
Shytikov on NTLM Authenticationshytikov
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Qualcomm Developer Network
 
Security Consideration for Set-top box SoC
Security Consideration for Set-top box SoCSecurity Consideration for Set-top box SoC
Security Consideration for Set-top box SoCWesley Li
 
lamacchia-palladium
lamacchia-palladiumlamacchia-palladium
lamacchia-palladiumNed Hayes
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PROIDEA
 
Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Vinayak Hegde
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 

Similar to Trusted Computing Base (20)

Trusted Computing security _platform.ppt
Trusted Computing security _platform.pptTrusted Computing security _platform.ppt
Trusted Computing security _platform.ppt
 
Trusted Computing _plate form_ model.ppt
Trusted Computing _plate form_ model.pptTrusted Computing _plate form_ model.ppt
Trusted Computing _plate form_ model.ppt
 
Abbie Barbir Tcg Final
Abbie Barbir Tcg FinalAbbie Barbir Tcg Final
Abbie Barbir Tcg Final
 
trusted computing platform alliancee.ppt
trusted computing platform alliancee.ppttrusted computing platform alliancee.ppt
trusted computing platform alliancee.ppt
 
Trusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .pptTrusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .ppt
 
Confidential Computing in Azure - SlideShare Ed Dec 2022.pptx
Confidential Computing in Azure - SlideShare Ed Dec 2022.pptxConfidential Computing in Azure - SlideShare Ed Dec 2022.pptx
Confidential Computing in Azure - SlideShare Ed Dec 2022.pptx
 
DYNAMIC ROOT OF TRUST AND CHALLENGES
DYNAMIC ROOT OF TRUST AND CHALLENGESDYNAMIC ROOT OF TRUST AND CHALLENGES
DYNAMIC ROOT OF TRUST AND CHALLENGES
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
 
Shytikov on NTLM Authentication
Shytikov on NTLM AuthenticationShytikov on NTLM Authentication
Shytikov on NTLM Authentication
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
 
Microsoft Palladium
Microsoft PalladiumMicrosoft Palladium
Microsoft Palladium
 
Security Consideration for Set-top box SoC
Security Consideration for Set-top box SoCSecurity Consideration for Set-top box SoC
Security Consideration for Set-top box SoC
 
lamacchia-palladium
lamacchia-palladiumlamacchia-palladium
lamacchia-palladium
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
 
Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway Application
 
Certified Pre-Owned
Certified Pre-OwnedCertified Pre-Owned
Certified Pre-Owned
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 

More from Vasily Sartakov

Мейнстрим технологии шифрованной памяти
Мейнстрим технологии шифрованной памятиМейнстрим технологии шифрованной памяти
Мейнстрим технологии шифрованной памятиVasily Sartakov
 
Сетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и GenodeСетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и GenodeVasily Sartakov
 
Защита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4ReЗащита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4ReVasily Sartakov
 
Hardware Errors and the OS
Hardware Errors and the OSHardware Errors and the OS
Hardware Errors and the OSVasily Sartakov
 
Operating Systems Meet Fault Tolerance
Operating Systems Meet Fault ToleranceOperating Systems Meet Fault Tolerance
Operating Systems Meet Fault ToleranceVasily Sartakov
 
Operating Systems Hardening
Operating Systems HardeningOperating Systems Hardening
Operating Systems HardeningVasily Sartakov
 
Особенности Национального RnD
Особенности Национального RnDОсобенности Национального RnD
Особенности Национального RnDVasily Sartakov
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4ReVasily Sartakov
 
Применение Fiasco.OC
Применение Fiasco.OCПрименение Fiasco.OC
Применение Fiasco.OCVasily Sartakov
 
Прикладная Информатика 6 (36) 2011
Прикладная Информатика 6 (36) 2011Прикладная Информатика 6 (36) 2011
Прикладная Информатика 6 (36) 2011Vasily Sartakov
 
Разработка встраиваемой операционной системы на базе микроядерной архитектуры...
Разработка встраиваемой операционной системы на базе микроядерной архитектуры...Разработка встраиваемой операционной системы на базе микроядерной архитектуры...
Разработка встраиваемой операционной системы на базе микроядерной архитектуры...Vasily Sartakov
 

More from Vasily Sartakov (20)

Мейнстрим технологии шифрованной памяти
Мейнстрим технологии шифрованной памятиМейнстрим технологии шифрованной памяти
Мейнстрим технологии шифрованной памяти
 
Сетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и GenodeСетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и Genode
 
Защита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4ReЗащита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4Re
 
Hardware Errors and the OS
Hardware Errors and the OSHardware Errors and the OS
Hardware Errors and the OS
 
Operating Systems Meet Fault Tolerance
Operating Systems Meet Fault ToleranceOperating Systems Meet Fault Tolerance
Operating Systems Meet Fault Tolerance
 
Intro
IntroIntro
Intro
 
Genode OS Framework
Genode OS FrameworkGenode OS Framework
Genode OS Framework
 
Operating Systems Hardening
Operating Systems HardeningOperating Systems Hardening
Operating Systems Hardening
 
Особенности Национального RnD
Особенности Национального RnDОсобенности Национального RnD
Особенности Национального RnD
 
Genode Architecture
Genode ArchitectureGenode Architecture
Genode Architecture
 
Genode Components
Genode ComponentsGenode Components
Genode Components
 
Genode Programming
Genode ProgrammingGenode Programming
Genode Programming
 
Genode Compositions
Genode CompositionsGenode Compositions
Genode Compositions
 
System Integrity
System IntegritySystem Integrity
System Integrity
 
Intro
IntroIntro
Intro
 
Memory, IPC and L4Re
Memory, IPC and L4ReMemory, IPC and L4Re
Memory, IPC and L4Re
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4Re
 
Применение Fiasco.OC
Применение Fiasco.OCПрименение Fiasco.OC
Применение Fiasco.OC
 
Прикладная Информатика 6 (36) 2011
Прикладная Информатика 6 (36) 2011Прикладная Информатика 6 (36) 2011
Прикладная Информатика 6 (36) 2011
 
Разработка встраиваемой операционной системы на базе микроядерной архитектуры...
Разработка встраиваемой операционной системы на базе микроядерной архитектуры...Разработка встраиваемой операционной системы на базе микроядерной архитектуры...
Разработка встраиваемой операционной системы на базе микроядерной архитектуры...
 

Recently uploaded

Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Developmentchesterberbo7
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfChristalin Nelson
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research DiscourseAnita GoswamiGiri
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Celine George
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxkarenfajardo43
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWQuiz Club NITW
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxSayali Powar
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxAneriPatwari
 

Recently uploaded (20)

Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Project
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdf
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research Discourse
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITW
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptx
 

Trusted Computing Base

  • 1. TCB – Trusted Computing Base четверг, 26 июля 12 г.
  • 2. • The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system. • By contrast, parts of a computer system outside the TCB must not be able to breach the security policy and may not get any more privileges than are granted to them in accordance to the security policy. 2 четверг, 26 июля 12 г.
  • 3. Trusted Computing: basic idea • Addition of security hardware functionality to a computer system to compensate for insecure software • Enables external entities to have increased level of trust that the system will perform as expected/specified • Trusted platform = a computing platform with a secure hardware component that forms a security foundation for software processes • Trusted Computing = computing on a Trusted Platform 3 четверг, 26 июля 12 г.
  • 4. Trusted Hardware Examples 4 четверг, 26 июля 12 г.
  • 5. Characteristics of Trusted Hardware • Physically secure module • Environmental monitoring (temperature, power supply, structural integrity) • Tamper responsive • Optimized hardware support for cryptography • I/O interface 5 четверг, 26 июля 12 г.
  • 6. Trusted Hardware – Example • IBM 4764 Secure Coprocessor 6 четверг, 26 июля 12 г.
  • 7. IBM 4764 Application Example 7 четверг, 26 июля 12 г.
  • 8. TCG (Trusted Computing Group) History & Evolution • October 1999: TCPA formed – Trusted Computing Platform Alliance – Founders: IBM, HP, Compaq, Intel and Microsoft • 2001: 1st TPM specification released – Trusted Platform Module • 2002: TCPA becomes TCG – Trusted Computing Group – Not-for-profitindustrystandardsorganization • 2003: TPM specification adopted by TCG – Currently TPM specification 1.2 • 2010: Reduced interest – TPM has failed to meet industry expectations 8 четверг, 26 июля 12 г.
  • 9. Trusted Platform Module (TPM) • Hardware module at heart of hardware / software approach to trusted computing • Protected memory (key storage, platform configuration metrics) • TPM chip mounted on motherboard, • Supports 3 basic services: – Secure / authenticated boot, – Remote attestation, allows remote party to verify platform state – Sealed storage / encryption, makes decryption depend on platform state 9 четверг, 26 июля 12 г.
  • 10. TCG supports two modes of booting • Secure boot – the platform owner can define expected (trusted) PCR values that are stored in special non-volatile Data Integrity Registers (DIR) in the TPM. – If a PCR value does not match the expected value for that stage of the boot process, TPM can signal a boot termination request. • Authenticated boot – does not check measured values against expected values – just records in PCRs 10 четверг, 26 июля 12 г.
  • 11. TPM – A Passive Security Enabler • Note that TPM is passive: – It doesn’t decide which software can and can’t run. – It provides a way to reliably report the post-boot state of the platform – TCG aware application or OS can be designed to not start unless platform is in a particular state (no malware etc) – TCG aware application or OS can be designed to require a TPM mediated online authorisation from a vendor before starting (check for current license etc.): • TCG can be used to build systems where somebody else decides whether software can or can’t run • TCG does not provide this functionality – it merely enables it 11 четверг, 26 июля 12 г.
  • 12. TPM Architecture Processor Endorsement K. Hash engine Storage Root Key RSA Key gen. Non-Volatile memory RSA Signing and encryptyon PCR RND generator Loaded Keys Processor Volatile memory 12 четверг, 26 июля 12 г.
  • 13. Attestation Identity Key (AIK) Endorsement Key (EK) AIKs are used to provide platform The Endorsement Key (EK) is a public/private authentication to a service provider. This is key-pair. The size of the key-pair is mandated to also called pseudo-anonymous have a modulus (a.k.a. key size) of 2048 bits. authentication and is different from user The private component of the key-pair is authentication. Refer to the section on generated within the TPM and is never exposed attestation under usage models for an outside the TPM. illustration of how AIKs are obtained. Certificates: The Endorsement Cert contains the public key of the EK. The purpose of the Endorsement Cert * RSA / AES / SHA-1 / GOST is to provide attestation that the particular TPM * Import banned in: is genuine, i.e. that the EK is protected. Russia The Platform Cert is provided by the platform China vendor and provides attestation that the security Kazakhstan components of the platform are genuine. Belarus The Conformance Cert is provided by the platform vendor or an evaluation lab. It provides attestation by an accredited party as to the security properties of the platform. четверг, 26 июля 12 г.