Bootstrapping Trust in a 'Trusted' Platform

Bootstrapping Trust in a 'Trusted' Platform
Bryan Parno

Citation
Bryan Parno. "Bootstrapping Trust in a 'Trusted' Platform". Talk or presentation, 11, November, 2008.

Abstract
For the last few years, many commodity computers have come equipped with a Trusted Platform Module (TPM). Existing research shows that the TPM can be used to establish trust in the software executing on a computer. However, at present, there is no standard mechanism for establishing trust in the TPM on a particular machine. Indeed, any straightforward approach falls victim to a cuckoo attack. In this work, we propose a formal model for establishing trust in a platform. The model reveals the cuckoo attack problem and suggests potential solutions. Unfortunately, no instantiation of these solutions is fully satisfying, and hence, we pose the development of a fully satisfactory solution as an open question to the community.

Electronic downloads

13%20-%20Parno.ppt · application/vnd.ms-powerpoint · 4358 kbytes

Citation formats

HTML

Bryan Parno. <a
href="http://www.truststc.org/pubs/484.html"
><i>Bootstrapping Trust in a 'Trusted'
Platform</i></a>, Talk or presentation,  11,
November, 2008.

Plain text

Bryan Parno. "Bootstrapping Trust in a 'Trusted'
Platform". Talk or presentation,  11, November, 2008.

BibTeX

@presentation{Parno08_BootstrappingTrustInTrustedPlatform,
    author = {Bryan Parno},
    title = {Bootstrapping Trust in a 'Trusted' Platform},
    day = {11},
    month = {November},
    year = {2008},
    abstract = {For the last few years, many commodity computers
              have come equipped with a Trusted Platform Module
              (TPM). Existing research shows that the TPM can be
              used to establish trust in the software executing
              on a computer. However, at present, there is no
              standard mechanism for establishing trust in the
              TPM on a particular machine. Indeed, any
              straightforward approach falls victim to a cuckoo
              attack. In this work, we propose a formal model
              for establishing trust in a platform. The model
              reveals the cuckoo attack problem and suggests
              potential solutions. Unfortunately, no
              instantiation of these solutions is fully
              satisfying, and hence, we pose the development of
              a fully satisfactory solution as an open question
              to the community. },
    URL = {http://www.truststc.org/pubs/484.html}
}

Posted by Jessica Gamble on 23 Jan 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.