Boris Balacheff

Trusted virtual platforms: a key enabler for converged client devices

This paper introduces our work around combining machine virtualization technology with Trusted Computing Group technology. We first describe our architecture for reducing and containing the privileged code of the Xen Hypervisor. Secondly we describe our Trusted Virtual Platform architecture. This is aimed at supporting the strong enforcement of integrity and security policy controls over a virtual entity where a virtual entity can be either a full guest operating system or virtual appliance running on a virtualized platform. The architecture includes a virtualization-specific integrity measurement and reporting framework. This is designed to reflect all the dependencies of the virtual environment of a guest operating system. The work is a core enabling component of our research around converged devices -- client platforms such as notebooks or desktop PCs that can safely host multiple virtual operating systems and virtual appliances concurrently and report accurately on the trustworthiness of the individually executing entities.

A trusted process to digitally sign a document

This paper describes a method of increasing the trust in open computing platforms, such that a person can have confidence in producing a digital signature using open platforms.The process of using a digital signature to sign a digital document is well understood. Most descriptions assume the correctness of the process of signing a document within a computing platform. In an increasing connected world, this assumption is no longer true when open computing platforms are used. This paper proposes the signing of a document in a general-purpose computing platform using a trusted process. That trusted process creates a signature over a digital image that represents the document and uses a trusted display controller in the platform plus a smart card owned by the prospective signer. The trusted display controller is part of the video processing path, and can display video data on a monitor without interference or subversion by any software components at the platform. The smart card is able to authenticate the trusted display controller, and demonstrate to the signer the results of that authentication using the trusted display controller.The most unusual aspects of the method are: (1) a thumbnail image is stored in the smart card, and used as a surround or background for an image (on a display) that is to be signed; (2) the smart card signs image data on the authority of the trusted display controller, without direct authorisation from the signer.

Securing intelligent adjuncts using trusted computing platform technology

In [1], Balacheff et al described a new paradigm for smartcard usage called the Intelligent Adjunct model. The current increasing programmability of smartcards and development of the Internet is enabling new flexible and dynamic platforms for electronic commerce and services. In particular, the Intelligent Adjunct model combined with the use of a Trusted Computing Platform enables more flexible and more reliable network-based service development. This paper describes such a method using a hardware-based component in a computing platform to enable the establishment of a trust relationship between a smartcard and the terminal to which it is connected.

Smartcards - From Security Tokens to Intelligent Adjuncts

Smartcards have traditionally been used as secure tokens in the corporate IT environment – for system logon, remote access, etc. With the increased programmability of smartcards, a new enhanced model of interaction between the smartcard and the corporate computing infrastructure is made possible. We define this new model of interaction as the Intelligent Adjunct model. It enables the use of smartcards to dynamically personalise the environment of the computing terminal and automate user-defined tasks (the terminal can be any computing device with a smartcard reader). In this paper, we describe various usage scenarios of a smartcard as an Intelligent Adjunct (IA) and we consider how such a model can be built using existing smartcards, specifically JavaCards. Various inadequacies of ISO standards are pointed out, an extension of the JavaCard API to support this new model is proposed, and a possible integration into the PC/SC infrastructure is described.

Computing Platform Security in Cyberspace

In this paper, we start by describing the concerns people have with cyberspace security. This might seem unnecessary to security practitioners but the number of times the authors experience arguments to the contrary suggest that it would be useful to start by relating concerns expressed in this area. Cyberspace security is indeed in its infancy compared with physical security. A comprehensive programme is urgently needed to make progress in this area. After a brief overview of typical security measures currently in place and their issues, we focus on the main topic of this paper: namely platform security. We describe a particular approach of enhancing platform security that is architecture independent and aims to provide a root of trust on computing platforms.

Trust and Trustworthy Computing

Web services require complex middleware in order to communicate using XML standards. However, this software increases vulnerability to runtime attack and makes remote attestation difficult. We propose to solve this problem by dividing services onto two platforms, an untrusted front-end, implementing the middleware, and a trustworthy back-end with a minimal trusted computing base.