Trusted Computing Platforms: Design and Applications

Understanding Trusted Computing From The Ground Up

Trusted Computing Platforms: TCPA Technology in Context

Computers that incorporate a TPM can create cryptographic keys and encrypt them so that they can be decrypted only by that TPM, a process called "wrapping" or "binding." The private portion of a key created in a TPM is never exposed to any other component, software, process or person: the key can be used for signing or decryption only by issuing commands to the TPM, and the wrapped form that is stored outside the chip cannot be loaded into any other TPM.


Computers that incorporate a TPM can also create a key that has not only been wrapped but also tied to specific platform measurements. Such a key can be unwrapped only when the Platform Configuration Registers (PCRs) hold the same values they held when the key was created. This process is called "sealing" the key to the TPM; decrypting it is called "unsealing." Secure operation is made possible by three main blocks of the TPM (Fig.). The first is the cryptographic processor, whose main function is to generate keys; it also supplies the random-number generation, hashing and asymmetric operations that the other blocks rely on. The TPM processes commands and data from the host system and relays the responses back to the host over the hardware bus.


This block diagram illustrates the keys incorporated in the Trusted Platform Module that together form the heart of its capabilities. The second major block is Persistent Storage, which holds the Endorsement Key and the Storage Root Key (SRK). The SRK is generated inside the TPM and never leaves it; every other key the TPM protects is wrapped, directly or through a chain of parent keys, under the SRK.

The SRK is required to use any of the keys created for application software, and because those keys are protected under it they cannot be used without the TPM that created them. The third block is the Versatile Storage area (volatile memory), which holds the PCRs and the keys currently loaded for use, whether generated by the TPM or imported from elsewhere. Establishing a root of trust as the computer powers on is the first step toward securing it, because this is when the boot components are measured: the Core Root of Trust for Measurement (CRTM) hashes the next stage before handing control to it, each stage does the same for its successor, and every hash is extended into a PCR.

Because a PCR can only be extended, never written directly, this process ensures that access to sealed data can be denied if the boot sequence is not as expected.
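The wrapping, sealing and measured-boot behaviour described in the preceding paragraphs, as an added simulation that is not code from the book or from any TPM implementation. It assumes a toy TPM whose SRK is a random symmetric secret and whose sealed-blob format is an HMAC-SHA-256 construction standing in for the real RSA-under-SRK format; the boot-component measurements are constructed. What it keeps faithful is the TPM_Extend rule and the fact that the PCR comparison happens inside the TPM before anything is released.

```python
"""Toy model of TPM 1.2-style measured boot and sealing (constructed example).

The PCR extend rule and the seal/unseal policy check follow the TPM design.
The SRK is modelled as a random symmetric secret and the blob format uses
HMAC-SHA-256; both are assumed stand-ins for the RSA-under-SRK format of a real TPM.
"""
import hashlib
import hmac
import os

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA1(PCR_old || SHA1(measurement)).

    A PCR is never written directly; each measurement is folded into a hash
    chain, so code that runs later cannot erase or reorder earlier measurements.
    """
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measured_boot(components) -> bytes:
    """Extend an ordered boot chain (CRTM -> firmware -> loader -> OS) into one
    PCR, starting from the power-on reset value of all zeros."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class ToyTPM:
    """Minimal sealing interface: the SRK never leaves the object, callers get
    wrapped blobs back and must ask this TPM, in the right state, to unseal."""

    def __init__(self) -> None:
        self._srk = os.urandom(32)  # assumed: symmetric stand-in for the real SRK
        self.pcr = bytes(PCR_SIZE)

    def reset(self) -> None:
        """Platform power cycle: PCRs return to zero, the SRK persists."""
        self.pcr = bytes(PCR_SIZE)

    def extend(self, measurement: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, measurement)

    def _keystream(self, expected_pcr: bytes, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            block = expected_pcr + nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._srk, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, plaintext: bytes) -> dict:
        """Bind plaintext to the current PCR. The blob records the expected PCR
        in the clear and carries a tag so a modified blob is rejected."""
        nonce = os.urandom(16)
        ks = self._keystream(self.pcr, nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        tag = hmac.new(self._srk, self.pcr + nonce + ct, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict):
        """Release the plaintext only if the live PCR equals the sealed PCR and
        the blob is intact; otherwise return None. The check is inside the TPM."""
        if not hmac.compare_digest(self.pcr, blob["pcr"]):
            return None  # platform state differs from when the data was sealed
        expect = hmac.new(self._srk, blob["pcr"] + blob["nonce"] + blob["ct"],
                          hashlib.sha256).digest()
        if not hmac.compare_digest(expect, blob["tag"]):
            return None  # blob was modified outside the TPM
        ks = self._keystream(blob["pcr"], blob["nonce"], len(blob["ct"]))
        return bytes(c ^ k for c, k in zip(blob["ct"], ks))


# Constructed measurements standing in for hashed boot components.
GOOD_CHAIN = [b"CRTM v1", b"BIOS 2.3", b"GRUB 2.04", b"vmlinuz-5.10"]
BOOTKIT_CHAIN = [b"CRTM v1", b"BIOS 2.3", b"GRUB 2.04 (patched)", b"vmlinuz-5.10"]


def demo() -> tuple:
    """Seal a disk key on a clean boot, then try to unseal after a reboot with
    a modified bootloader, and again with a tampered blob on a clean boot."""
    tpm = ToyTPM()
    for component in GOOD_CHAIN:
        tpm.extend(component)
    blob = tpm.seal(b"disk-encryption-key")
    clean = tpm.unseal(blob)

    tpm.reset()  # reboot: PCRs cleared, SRK unchanged
    for component in BOOTKIT_CHAIN:
        tpm.extend(component)
    after_bootkit = tpm.unseal(blob)  # PCR mismatch -> None

    tpm.reset()
    for component in GOOD_CHAIN:
        tpm.extend(component)
    forged = dict(blob, ct=bytes(b ^ 0x01 for b in blob["ct"]))
    tampered = tpm.unseal(forged)  # tag mismatch -> None
    return clean, after_bootkit, tampered


if __name__ == "__main__":
    print(demo())
```

Two properties of the extend rule are worth noticing when running this: swapping the order of two boot components gives a different PCR even though the same code was measured, and no sequence of later extends can return a PCR to an earlier value, which is why a bootkit that loads after the CRTM cannot make the platform look clean.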

Because most system attacks occur while a computer is running, a "run-time" root of trust must also be established. Created by periodically refreshing, re-evaluating and re-presenting the "evidence" (fresh measurements of the running system), the run-time root of trust will detect many system attacks that a boot-time measurement alone would miss.


Virtual machine support can extend measured boot to guest operating systems (Fig.). The boot sequence is illustrated well in a technical report prepared by the department of mathematics at the University of London (March). Finally, control is passed to the OS. Trusted Computing with a TPM offers a significant advance in platform security if all of its features are used.

It offers assurance against software-based attacks by malicious code, Trojans, viruses and rootkits, and it provides platform configuration information (signed PCR values) when requested. Its strength lies in its ability to measure the components on a platform in a way that cannot be bypassed: because every measurement is folded into a PCR by a one-way hash, code that runs after the core root of trust cannot erase or forge the measurements taken before it. In the risk assessment summarized here, the risks selected were Compromise of information, Technical failures, Unauthorized Actions and Compromise of functions.

It was found that a TPM reduced the risks by 33 to 67 percent across most of the categories. The TPM was most effective on the risks associated with "Compromise of information" and "Unauthorized actions," which are especially relevant to regulated environments because those risks can invalidate data.

Even worse, they could allow a regulator or operator to shut down business operations if compliance cannot be demonstrated. Trusted computing has been a necessary and logical outgrowth of our changing world, and goes hand-in-hand with the continued interconnectedness of computing devices and the growing number and variety of threats. Since threats are always changing, keeping encryption technology current is a constant challenge. Another challenge has been to consistently address the arguments of critics regarding the balance of security and privacy in trusted computing. These issues form the basis of continual study and development by companies that specialize in computing technology.

Underlying the issues is the belief that both security and privacy are equally important contributors to the trust that people have in computing, and in online services and information systems. It is a belief that computers and computing devices should do what people expect regardless of disruption from environmental sources, user and operator error, or attack by hostile forces.

Even though computers are not always recognizable in their various forms, they are present in our cars, phones, homes, appliances, medical devices and military equipment, and their prevalence is only increasing. It is a reasonable assumption that, especially in an age of cloud computing, people would prefer that access to their bank account be bound to a specific, verifiably trusted computer. In that case, the only way they could lose access to their money would be if the laptop or computer itself went missing.
