Team for Research in
Ubiquitous Secure Technology

Governance of Trusted Computing
Clark Thomborson

Citation
Clark Thomborson. "Governance of Trusted Computing". Talk or presentation, 25 October 2006.

Abstract
Trusted computing systems offer great promise in corporate and governmental applications. Their uptake has been very slow outside of the national security agencies for which they were developed, in part because they have been difficult and expensive to configure and use. Recent designs are easier to use, but some compliance and governance issues are unresolved. Our analysis suggests that cryptographic systems, in order to be trustworthy in corporate environments, must support an audit of their most important operations. At minimum the audit record must reveal the number of keys that have been generated, as well as the creation times and authorities of these keys. This record of cryptographic activity must be tamper-evident, and must be open to inspection by the IT staff of the corporate owners as well as by their independent auditors.

Citation formats  
  • HTML
    Clark Thomborson. <a
    href="http://www.truststc.org/pubs/137.html"
    ><i>Governance of Trusted
    Computing</i></a>, Talk or presentation, 25 October 2006.
  • BibTeX
    @presentation{Thomborson06_GovernanceOfTrustedComputing,
        author = {Clark Thomborson},
        title = {Governance of Trusted Computing},
        day = {25},
        month = {October},
        year = {2006},
        abstract = {Trusted computing systems offer great promise in
                  corporate and governmental applications. Their
                  uptake has been very slow outside of the national
                  security agencies for which they were developed,
                  in part because they have been difficult and
                  expensive to configure and use. Recent designs are
                  easier to use, but some compliance and governance
                  issues are unresolved. Our analysis suggests that
                  cryptographic systems, in order to be trustworthy
                  in corporate environments, must support an audit
                  of their most important operations. At minimum the
                  audit record must reveal the number of keys that
                  have been generated, as well as the creation times
                  and authorities of these keys. This record of
                  cryptographic activity must be tamper-evident, and
                  must be open to inspection by the IT staff of the
                  corporate owners as well as by their independent
                  auditors. },
        URL = {http://www.truststc.org/pubs/137.html}
    }
    

Posted by Alvaro Cardenas on 14 Nov 2006.
Groups: trustseminar
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.