Loading...
Please wait, while we are loading the content...
Similar Documents
Root of Trust : Technical vs . Political Considerations
| Content Provider | Semantic Scholar |
|---|---|
| Author | Loutfi, Ijlal Jøsang, Audun |
| Copyright Year | 2017 |
| Abstract | A so-called root of trust for a computer platforms is the initial set of program instructions, typically stored as firmware, that starts executing before any other program when the computer boots. There are currently a number of competing solutions for the root-of-trust on X86 platforms, which are the platforms on which all Windows and Linux operating systems run today. While the technical need for such a solution is well established, we argue that specific variations/implementations of the root-of-trust are more motivated by strategic and political reasons, rather than by technical ones. Indeed, firmware-based stealthy malware on X86 platforms has attracted considerable attention over the past years, mainly due to the fact that traditional detection mechanisms are inefficient against such malware. One of the most attractive targets of such malware is the BIOS/UEFI firmware which constitutes the root-of-trust on most X86 platforms. In order to increase the security assurance of these platforms, the so-called trusted computing is an alternative solution which aims at anchoring the X86 root-of-trust in specialized hardware rather than in firmware. Whoever controls the root-of-trust can technically monopolize the power to decide upon the security level of all subsequently running software on the platform. This naturally creates competition between different hardware and software providers about whose root-of-trust solution will be accepted and adopted in the market. This also means that government and commercial entities that understand the implications of controlling the X86 root-of-trust could decide not use/buy platforms from manufacturers located in countries that are not aligned with their political views. In this paper, we present and discuss the different root-of-trust solutions that have been proposed for the X86 platforms by different industry players. We then analyze possible strategic or political motives behind the design of these solutions. We mainly focus on design developed by the Trusted Computing Group (TCG) and Intel Corporation. Finally, we discuss the implications the solutions can have on the way X86 platforms are manufactured and distributed, as well as on how the solutions influences the corresponding ecosystem from the end users’ point of view. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://folk.uio.no/josang/papers/LJ2017-ECCWS.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |
