Governance of Trusted Computing

Governance of Trusted Computing
Clark Thomborson

Citation
Clark Thomborson. "Governance of Trusted Computing". Talk or presentation, 25, October, 2006.

Abstract
Trusted computing systems offer great promise in corporate and governmental applications. Their uptake has been very slow outside of the national security agencies for which they were developed, in part because they have been difficult and expensive to configure and use. Recent designs are easier to use, but some compliance and governance issues are unresolved. Our analysis suggests that cryptographic systems, in order to be trustworthy in corporate environments, must support an audit of their most important operations. At minimum the audit record must reveal the number of keys that have been generated, as well as the creation times and authorities of these keys. This record of cryptographic activity must be tamper-evident, and must be open to inspection by the IT staff of the corporate owners as well as by their independent auditors.

Electronic downloads

http://www.cs.auckland.ac.nz/~cthombor/Pubs/TC/tcgovern.ppt

Citation formats

HTML

Clark Thomborson. <a
href="http://www.truststc.org/pubs/137.html"
><i>Governance of Trusted
Computing</i></a>, Talk or presentation,  25,
October, 2006.

Plain text

Clark Thomborson. "Governance of Trusted
Computing". Talk or presentation,  25, October, 2006.

BibTeX

@presentation{Thomborson06_GovernanceOfTrustedComputing,
    author = {Clark Thomborson},
    title = {Governance of Trusted Computing},
    day = {25},
    month = {October},
    year = {2006},
    abstract = {Trusted computing systems offer great promise in
              corporate and governmental applications. Their
              uptake has been very slow outside of the national
              security agencies for which they were developed,
              in part because they have been difficult and
              expensive to configure and use. Recent designs are
              easier to use, but some compliance and governance
              issues are unresolved. Our analysis suggests that
              cryptographic systems, in order to be trustworthy
              in corporate environments, must support an audit
              of their most important operations. At minimum the
              audit record must reveal the number of keys that
              have been generated, as well as the creation times
              and authorities of these keys. This record of
              cryptographic activity must be tamper-evident, and
              must be open to inspection by the IT staff of the
              corporate owners as well as by their independent
              auditors. },
    URL = {http://www.truststc.org/pubs/137.html}
}

Posted by Alvaro Cardenas on 14 Nov 2006.
Groups: trustseminar
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.