Hilfe Warenkorb Konto Anmelden
 
 
   Schnellsuche   
     zur Expertensuche                      
Trusted Computing Platforms - Design and Applications
  Großes Bild
 
Trusted Computing Platforms - Design and Applications
von: Sean Smith
Springer-Verlag, 2006
ISBN: 9780387239170
239 Seiten, Download: 3314 KB
 
Format:  PDF
geeignet für: Apple iPad, Android Tablet PC's Online-Lesen PC, MAC, Laptop

Typ: A (einfacher Zugriff)

 

 
eBook anfordern
Inhaltsverzeichnis

  Contents 5  
  List of Figures 13  
  List of Tables 15  
  Preface 17  
  Acknowledgments 19  
  Chapter 1 INTRODUCTION 21  
     1.1 Trust and Computing 22  
     1.2 Instantiations 22  
     1.3 Design and Applications 25  
     1.4 Progression 27  
  Chapter 2 MOTIVATING SCENARIOS 29  
     2.1 Properties 29  
     2.2 Basic Usage 30  
     2.3 Examples of Basic Usage 32  
     2.4 Position and Interests 34  
     2.5 Examples of Positioning 35  
     2.6 The Idealogical Debate 38  
     2.7 Further Reading 38  
  Chapter 3 ATTACKS 39  
     3.1 Physical Attack 41  
        3.1.1 No Armor 42  
        3.1.2 Single Chip Devices 43  
        3.1.3 Multi-chip Devices 43  
     3.2 Software Attacks 44  
        3.2.1 Buffer Overflow 45  
        3.2.2 Unexpected Input 45  
        3.2.3 Interpretation Mismatches 46  
        3.2.4 Time-of-check vs Time-of-use 47  
        3.2.5 Atomicity 48  
        3.2.6 Design Flaws 49  
     3.3 Side- channel Analysis 50  
        3.3.1 Timing Attacks 50  
        3.3.2 Power Attacks 53  
        3.3.3 Other Avenues 54  
     3.4 Undocumented Functionality 55  
        3.4.1 Example: Microcontroller Memory 56  
        3.4.2 Example: FLASH Memory 57  
        3.4.3 Example: CPU Privileges 58  
     3.5 Erasing Data 58  
     3.6 System Context 59  
     3.7 Defensive Strategy 61  
        3.7.1 Tamper Evidence 61  
        3.7.2 Tamper Resistance 61  
        3.7.3 Tamper Detection 61  
        3.7.4 Tamper Response 62  
        3.7.5 Operating Envelope 62  
     3.8 Further Reading 62  
  Chapter 4 FOUNDATIONS 63  
     4.1 Applications and Integration 63  
        4.1.1 Kent 64  
        4.1.2 Abyss 64  
        4.1.3 Citadel 65  
        4.1.4 Dyad 66  
     4.2 Architectures 68  
        4.2.1 Physical Security 68  
        4.2.2 Hardware and Software 69  
     4.3 Booting 70  
     4.4 The Defense Community 72  
     4.5 Further Reading 72  
  Chapter 5 DESIGN CHALLENGES 75  
     5.1 Context 75  
        5.1.1 Personal 75  
        5.1.2 Commercial 76  
     5.2 Obstacles 77  
        5.2.1 Hardware 77  
        5.2.2 Software 79  
     5.3 Requirements 83  
        5.3.1 Commercial Requirements 83  
        5.3.2 Security Requirements 84  
        5.3.3 Authenticated Execution 86  
     5.4 Technology Decisions 87  
     5.5 Further Reading 91  
  Chapter 6 PLATFORM ARCHITECTURE 93  
     6.1 Overview 93  
        6.1.1 Security Architecture 94  
     6.2 Erasing Secrets 95  
        6.2.1 Penetration Resistance and Detection 96  
        6.2.2 Tamper Response 96  
        6.2.3 Other Physical Attacks 97  
     6.3 The Source of Secrets 98  
        6.3.1 Factory Initialization 98  
        6.3.2 Field Operations 99  
        6.3.3 Trusting the Manufacturer 101  
     6.4 Software Threats 101  
        6.4.1 Software Threat Model 102  
        6.4.2 Hardware Access Locks 102  
        6.4.3 Privacy and Integrity of Secrets 105  
     6.5 Code Integrity 105  
        6.5.1 Loading and Cryptography 106  
        6.5.2 Protection against Malice 106  
        6.5.3 Protection against Reburn Failure 107  
        6.5.4 Protection against Storage Errors 108  
        6.5.5 Secure Bootstrapping 109  
     6.6 Code Loading 110  
        6.6.1 Authorities 111  
        6.6.2 Authenticating the Authorities 112  
        6.6.3 Ownership 112  
        6.6.4 Ordinary Loading 113  
        6.6.5 Emergency Loading 116  
     6.7 Putting it All Together 117  
     6.8 What’s Next 119  
     6.9 Further Reading 119  
  Chapter 7 OUTBOUND AUTHENTICATION 121  
     7.1 Problem 121  
        7.1.1 The Basic Problem 122  
        7.1.2 Authentication Approach 122  
        7.1.3 User and Developer Scenarios 123  
        7.1.4 On-Platform Entities 124  
        7.1.5 Secret Retention 124  
        7.1.6 Authentication Scenarios 125  
        7.1.7 Internal Certification 127  
     7.2 Theory 128  
        7.2.1 What the Entity Says 129  
        7.2.2 What the Relying Party Concludes 129  
        7.2.3 Dependency 130  
        7.2.4 Soundness 131  
        7.2.5 Completeness 132  
        7.2.6 Achieving Both Soundness and Completeness 132  
        7.2.7 Design Implications 133  
     7.3 Design and Implementation 134  
        7.3.1 Layer Separation 135  
        7.3.2 The Code-Loading Code 135  
        7.3.3 The OA Manager 136  
        7.3.4 Naming 139  
        7.3.5 Summary 139  
        7.3.6 Implementation 140  
     7.4 Further Reading 141  
  Chapter 8 VALIDATION 143  
     8.1 The Validation Process 144  
        8.1.1 Evolution 144  
        8.1.2 FIPS 140-1 145  
        8.1.3 The Process 146  
     8.2 Validation Strategy 146  
     8.3 Formalizing Security Properties 149  
        8.3.1 Building Blocks 150  
        8.3.2 Easy Invariants 151  
        8.3.3 Controlling Code 151  
        8.3.4 Keeping Secrets 152  
     8.4 Formal Verification 154  
     8.5 Other Validation Tasks 156  
     8.6 Reflection 158  
     8.7 Further Reading 159  
  Chapter 9 APPLICATION CASE STUDIES 161  
     9.1 Basic Building Blocks 161  
     9.2 Hardened Web Servers 162  
        9.2.1 The Problem 162  
        9.2.2 Using a TCP 164  
        9.2.3 Implementation Experience 169  
     9.3 Rights Management for Big Brother’s Computer 172  
        9.3.1 The Problem 172  
        9.3.2 Using a TCP 173  
        9.3.3 Implementation Experience 174  
     9.4 Private Information 175  
        9.4.1 The Problem 175  
        9.4.2 Using a TCP: Initial View 177  
        9.4.3 Implementation Experience 178  
        9.4.4 Using Oblivious Circuits 180  
        9.4.5 Reducing TCP Memory Requirements 183  
        9.4.6 Adding the Ability to Update 185  
     9.5 Other Projects 187  
        9.5.1 Postal Meters 187  
        9.5.2 Kerberos KDC 187  
        9.5.3 Mobile Agents 187  
        9.5.4 Auctions 187  
        9.5.5 Marianas 188  
        9.5.6 Trusted S/MIME Gateways 189  
        9.5.7 Grid Tools 189  
     9.6 Lessons Learned 190  
     9.7 Further Reading 191  
  Chapter 10 TCPA/ TCG 193  
     10.1 Basic Structure 195  
     10.2 Outbound Authentication 198  
     10.3 Physical Attacks 199  
     10.4 Applications 200  
     10.5 Experimentation 200  
     10.6 TPM 1.2 Changes 201  
     10.7 Further Reading 201  
  Chapter 11 EXPERIMENTING WITH TCPA/TCG 203  
     11.1 Desired Properties 204  
     11.2 The Lifetime Mismatch 204  
     11.3 Architecture 205  
     11.4 Implementation Experience 209  
     11.5 Application: Hardened Apache 210  
     11.6 Application: OpenCA 211  
     11.7 Application: Compartmented Attestation 213  
     11.8 Further Reading 214  
  Chapter 12 NEW HORIZONS 215  
     12.1 Privilege Architectures 215  
     12.2 Hardware Research 217  
        12.2.1 XOM 217  
        12.2.2 MIT AEGIS 218  
        12.2.3 Cerium 219  
        12.2.4 Virtual Secure Coprocessing 219  
        12.2.5 Virtual Machine Monitors 219  
        12.2.6 Others 220  
     12.3 Software Research 221  
        12.3.1 Software-based Attestation 222  
        12.3.2 Hiding in Plain Sight 222  
     12.4 Current Industrial Platforms 223  
        12.4.1 Crypto Coprocessors and Tokens 223  
        12.4.2 Execution Protection 223  
        12.4.3 Capability-based Machines 224  
     12.5 Looming Industry Platforms 224  
        12.5.1 LaGrande 224  
        12.5.2 TrustZone 226  
        12.5.3 NGSCB 226  
     12.6 Secure Coprocessing Revisited 228  
     12.7 Further Reading 229  
  Glossary 231  
  References 241  
  About the Author 255  
  Index 257  


nach oben


  Mehr zum Inhalt
Kapitelübersicht
Kurzinformation
Inhaltsverzeichnis
Leseprobe
Blick ins Buch
Fragen zu eBooks?

  Medientyp
  eBooks
  eJournal
  alle

  Navigation
Belletristik / Romane
Computer
Geschichte
Kultur
Medizin / Gesundheit
Philosophie / Religion
Politik
Psychologie / Pädagogik
Ratgeber
Recht
Reise / Hobbys
Sexualität / Erotik
Technik / Wissen
Wirtschaft

  Info
Hier gelangen Sie wieder zum Online-Auftritt Ihrer Bibliothek
© 2008-2021 ciando GmbH | Impressum | Kontakt | F.A.Q. | Datenschutz