Problems with the Static Root of Trust for Measurement

Authors

  • John Butterworth
  • Corey Kallenberg
  • Xeno Kovah
  • Amy Herzog
Abstract

In 2011 the National Institute of Standards and Technology (NIST) released a draft of Special Publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this paper we look at the implementation of the SRTM from a Dell Latitude E6400 laptop. We describe how the implementation of the SRTM on this system doesn’t meet all the requirements set forth by both the TPM PC client specification and the NIST guidance. We also show how a 51 byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM Quote is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware.


Similar resources

Translation and Psychometric Assessment of the Persian Version of Patient Trust in Midwifery Care Scale

Background: Patients’ trust in their physicians can affect therapeutic outcomes. Measurement of patient’s trust levels is a helpful approach for policymakers in healthcare systems. Aim: The present study was targeted toward the translation and psychometric assessment of patients’ trust in midwifery care questionnaire. Method: This cross-sectional study was conducted on 210 female patients refer...


Dynamic Root of Trust and Challenges

Trusted Computing intends to make PC platform trustworthy so that a user can have level of trust when working with it. To build a level of trust TCG gave specification of TPM, as integral part of TCB, for providing root(s) of trust. Further TCG defined Dynamic Root of Trust Measurement in Trusted Computing systems in its specification as a technology for measured platform initialization while s...


Dynamic Root of Trust in Trusted Computing

In this paper we introduce basic knowledge of Trusted Computing briefly. And then, we describe attack towards trusted computing system, and also discuss vulnerability of modern trusted computing system. We will examine two solutions, which can be named under using ’dynamic root of trust’, for these problems. Generally, it will change the ’old’ architecture of ’static root of trust’-based trusted c...


GTrust: a group based trust model

Nowadays, the growth of virtual environments such as virtual organizations, social networks, and ubiquitous computing, has led to the adoption of trust concept. One of the methods of making trust in such environments is to use a long-term relationship with a trusted partner. The main problem of this kind of trust, which is based on personal experiences, is its limited domain. Moreover, both par...


A limited memory adaptive trust-region approach for large-scale unconstrained optimization

This study concerns with a trust-region-based method for solving unconstrained optimization problems. The approach takes the advantages of the compact limited memory BFGS updating formula together with an appropriate adaptive radius strategy. In our approach, the adaptive technique leads us to decrease the number of subproblems solving, while utilizing the structure of limited memory quasi-Newt...



Publication date: 2013