The Library
On the trust of trusted computing in the post-Snowden age
Tools
Hao, Feng (2015) On the trust of trusted computing in the post-Snowden age. In: 8th IEEE CSF Workshop on Analysis of Security APIs, 13 Jul 2015 (Unpublished)
Research output not available from this repository.
Request-a-Copy directly from author or use local Library Get it For Me service.
Abstract
Revelations in the Snowden case have raised hard questions about the trust of Trusted Computing (TC). When the software is encapsulated within tamper resistant hardware (e.g., TPM) and it is impossible for users to access the internal code, how can we be sure about the integrity of the code (e.g., there is no built-in trap-door)? One may say this question is irrelevant so long as the hardware device is “trusted”, which is what the term “Trusted Computing ” (subtly) implies. Arguably there appears no incentive for the TPM manufacturers to compromise the security of their own products. But, as revealed in the Snowden documents, a state-funded adversary may have the incentive to coerce manufacturers to add trap-doors, e.g., in order to possess the exclusive power to break a system. Is this a fact or rumour? How can one tell? In this position paper, I argue that neither of the existing black/white assumptions about TPM (i.e., complete trust or total distrust) is adequate in capturing realistic re-quirements. Instead, I propose a third assumption that sits in between: namely, “trust-but-verify”. Based on this new assumption, many of the existing TPM APIs need to be.
Item Type: | Conference Item (Lecture) | ||||
---|---|---|---|---|---|
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science | ||||
Official Date: | 2015 | ||||
Dates: |
|
||||
Status: | Not Peer Reviewed | ||||
Publication Status: | Unpublished | ||||
Access rights to Published version: | Restricted or Subscription Access | ||||
Conference Paper Type: | Lecture | ||||
Title of Event: | 8th IEEE CSF Workshop on Analysis of Security APIs | ||||
Type of Event: | Workshop | ||||
Date(s) of Event: | 13 Jul 2015 |
Request changes or add full text files to a record
Repository staff actions (login required)
View Item |