Threat Model of a Scenario Based on Trusted Platform Module 2.0 Specification
نویسندگان
چکیده
The Trusted Platform Module (TPM) is a device that can be used to enhance the security of web applications. However, the TPM has to be used in a proper manner in order to benefit from its security properties. A threat model will contribute towards developing a better understanding of how to use the TPM and serve as a reference for future work. In this paper, a web application scenario based on the TPM 2.0 specification is developed and the threat model is constructed using Microsoft’s security development lifecycle threat modelling tool. The threats to each element in the model are analysed and the appropriate mitigations are worked out.
منابع مشابه
vTPM: Virtualizing the Trusted Platform Module
We present the design and implementation of a system that enables trusted computing for an unlimited number of virtual machines on a single hardware platform. To this end, we virtualized the Trusted Platform Module (TPM). As a result, the TPM’s secure storage and cryptographic functions are available to operating systems and applications running in virtual machines. Our new facility supports hi...
متن کاملSecurity Evaluation of Scenarios Based on the TCG's TPM Specification
The Trusted Platform Module TPM is a basic but nevertheless very complex security component that can provide the foundations and the root of security for a variety of applications. In contrast to the TPM, other basic security mechanisms like cryptographic algorithms or security protocols have frequently been subject to thorough security analysis and formal verification. This paper presents a fi...
متن کاملType-Based Analysis of Protected Storage in the TPM
The Trusted Platform Module (TPM) is designed to enable trustworthy computation and communication over open networks. The TPM provides a way to store cryptographic keys and other sensitive values in its shielded memory and act as Root of Trust for Storage (RTS). The TPM interacts with applications via a predefined set of commands (an API). In this paper, we give an abstraction model for the TPM...
متن کاملseTPM: Towards Flexible Trusted Computing on Mobile Devices Based on GlobalPlatform Secure Elements
Insufficiently protected mobile devices present an ubiquitous threat. Due to severe hardware constraints, such as limited printed circuit board area, hardware-based security as proposed by the Trusted Computing Group is usually not part of mobile devices, yet. We present the design and implementation of seTPM, a secure element based TPM, utilizing Java Card technology. seTPM establishes trust i...
متن کاملEnabling Secure and Usable Mobile Application: Revealing the Nuts and Bolts of software TPM in todays Mobile Devices
The emergence of mobile applications to execute sensitive operations has brought a myriad of security threats to both enterprises and users. In order to benefit from the large potential in smartphones there is a need to manage the risks arising from threats, while maintaining an easy interface for the users. In this paper we investigate the use of Trusted Platform Model (TPM) 2.0 to develop a s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013