Design and implementation of a bootstrap trust chain
Tóm tắt
The chain of trust in bootstrap process is the basis of whole system trust in the trusted computing group (TCG) definition. This paper presents a design and implementation of a bootstrap trust chain in PC based on the Windows and today's commodity hardware, merely depends on availability of an embedded security module (ESM). ESM and security enhanced BIOS is the root of trust, PMBR (Pre-MBR) checks the integrity of boot data and Windows kernel, which is a checking agent stored in ESM. In the end, the paper analyzed the mathematic expression of the chain of trust and the runtime performance compared with the common booting process. The trust chain bootstrap greatly strengthens the security of personal computer system, and affects the runtime performance with only adding about 12% booting time.
Tài liệu tham khảo
Trusted Computing Group [EB/OL]. [2005-09-16].https://www.trustedcomputinggroup.org.
TCPA. TCPA Design Philosophies and Concepts V1. 0 [EB/OL]. [2005-12-18].http://www.trustedcomputing.org/docs/designv1.0final.pdf.
Trusted Computing Group. TCG PC Specific Implementation Specification Version 1. 1 [EB/OL]. [2006-01-20].http://www.trustedcomputing group.org/groups/pc_client/TCG_PCSpecification_v1-1. pdf.
Hermann H rtig, Oliver Kowalski and Winfried Khnhauser. The Birlix Security Architecture [J].Journal of Computer Security, 1993,2(1):5–21.
Yee B.Using Secure Coprocessors [D]. Pittsburgh: Carnegie Mellon University, 1994.
Arbaugh W A, Farber D J, Smith J M. A Secure and Reliable Bootstrap Architecture [C] //Proceedings of IEEE Computer Society Conference on Security and Privacy. New York: IEEE Press, 1997:65–71.
Sailer R, Zhang X L, Jaeger T,et al. Design and Implementation of a TCG-Based Integrity Measurement Architecture [C]//Proceedings of 13 th USENIX Security Symposium, San Diego USENIX Association, 2004:223–238.
Yu Fajiang, Zhang Huanguo. Realization of Trusted Computing Platform [J].Journal of Wuhan University (Natural Science Edition), 2004,50(1):69–73 (Ch).
Zhang Huanguo, Liu Yuzhen, Yu Fajiang,et al. A New Type of Embedded Security Modle [J].Journal of Wuhan University (Natural Science Edition), 2004,50(S1):7–11 (Ch)
Dai Wei, Crypto+ +5.2.1 Benchmarks [EB/OL]. [2005-12-13].http://www.eskimo.com/∼weidai/benchmarks.html.