Allan Tomlinson

Introduction to the TPM

The Trusted Platform Module (TPM ) and smart card devices have many features in common. Both are low cost, tamper resistant, small footprint devices used to provide the basis of a secure computing environment. This chapter presents an introduction to the security mechanisms provided by the TPM highlighting those not typically found on a smart card. The concept of “ownership” is one of the major differences between the TPM and a smart card and this is described in some detail before concluding with a review of some of the security services uniquely provided by the TPM and a description of some recent changes to the TPM standard.

Survey on Security Challenges for Swarm Robotics

Swarm robotics is a relatively new technology that is being explored for its potential use in a variety of different applications and environments. Previous emerging technologies have often overlooked security until later developmental stages, when it has had to be undesirably (and sometimes expensively) retrofitted. We identify a number of security challenges for swarm robotics and argue that now is the right time to address these issues and seek solutions. We also identify several idiosyncrasies of swarm robotics that present some unique security challenges. In particular, swarms of robots potentially (i) employ different types of communication channels (ii) have special concepts of identity, and (iii) exhibit adaptive emergent behaviour which could be modified by an intruder. Addressing these issues now will prevent undesirable consequences for many applications of this type of technology.

Secure Virtual Disk Images for Grid Computing

We present in our paper a secure, flexible and transparent security architecture for virtual disk images.Virtual disk images are often overlooked in security concepts, especially in a grid environment where disk images are considered to be secure as long as they reside within the secured borders of the data center.However, for some applications this level of assurance is not satisfactory.In our security architecture, virtualized guests transparently benefit from integrity as well as confidentiality assurance.Traditional virtual disk images lack the ability of an efficient integrity protection mechanism.We base our concepts on trusted computing utilizing the Trusted Platform Module (TPM) to efficiently deliver integrity assurance to virtual disk images.Further, we allow a restrictive rule-set to be imposed by the virtual disk image owner, and we enable the owner to retain control over the virtual disk image throughout its life-cycle.

Conditional access in mobile systems: securing the application

This paper describes two protocols for the secure download of content protection software to mobile devices. The protocols apply concepts from trusted computing to demonstrate that a platform is in a sufficiently trustworthy state before any application or associated keys are securely downloaded. The protocols are designed to allow mobile devices to receive broadcast content protected by proprietary conditional access applications. They may also be applied in the general case where demonstration of a secure execution environment is required before an application is downloaded.

Separating hypervisor trusted computing base supported by hardware

In this paper we explore how recent advances in virtualisation support for commodity hardware could be utilised to reduce the Trusted Computing Base (TCB) and improve the code separation of a hypervisor. To achieve this, we reassess on the definition of the TCB and illustrate how segregation of different code blocks could be enforced by hardware protection mechanisms. We argue that many software-based efforts in TCB reduction and separation can benefit from utilising those hardware capabilities.

Securing Grid Workflows with Trusted Computing

We propose a novel scheme that uses Trusted Computing technology to secure Grid workflows. This scheme allows the selection of trustworthy resource providers based on their platform states. The integrity and confidentiality of workflow jobs are provided using cryptographic keys that can only be accessed when resource provider platforms are in trustworthy states. In addition, platform attestation is used to detect potential workflow execution problems, and the information collected can be used for process provenance.

Trusted Virtual Disk Images

Many solutions have been proposed to raise the security level of virtualisation. However, most overlook the security of virtual disk images. With our paper we present a secure, flexible and transparent security architecture for virtual disk images. Virtual machines running on our architecture transparently benefit from confidentiality and integrity assurance. We achieve this by incorporating the concepts of Trusted Computing and in particular the Trusted Platform Module (TPM). This enables us to provide a secure and flexible trusted virtual disk infrastructure to a broad number of platforms. Furthermore, the unique concept of Trusted Virtual Disk Images (TVDI) allows an image owner to stay in control over the disk image throughout its complete life-cycle.

Modelling malicious entities in a robotic swarm

Work has been undertaken in the research of swarm robotics and potential applications. This has included several specific models and simulations, with the majority of the work assuming a benign operational environment for the swarm. This paper proposes a generic model to represent a swarm and then adapts the generic model to consider malicious elements within the swarm.

Privacy and consent in pervasive networks

Pervasive networks and location based systems have the potential to provide many new services. However the user of these services often has to provide personal information to allow the service to operate effectively. This article considers the problem of protecting personal information in this environment, and reports on the legislative and technical efforts being made to protect user privacy.

Security For Video Broadcasting

This chapter presents an overview of a well-known application of smart card technology, namely that of pay-TV systems. The focus is on the security issues of this particular application and the mechanisms available to meet the security requirements. The chapter begins by establishing the requirements for the application and then looks in detail at the security mechanisms provided by current broadcast standards.