Trusted Computing

Goals

  • Define code identity and explain why it is useful for bootstrapping security
  • Explain the threats Trusted Computing does/does not address
  • Compare/contrast secure vs. trusted boot
  • Explain sealed storage
  • Describe techniques to provide fine-grained attestation
  • Compare/contrast possible roots of trust

Trust

  • What does it mean to trust a computing system?
  • Why is it hard to establish trust in a computing system?
  • What property matters most for bootstrapping trust in software?

Code Identity

  • How is code identity typically defined?
    • What is and is not included?
  • What can you build, given code identity?

Establishing Code Identity

  • What’s our threat model?
  • What is a chain of trust?
  • How does secure/trusted boot work? Compare/contrast the two.
  • How can we secure the records produced by a chain of trust?

Using Code Identity

  • How can code identity be used for local access control (or sealed storage)?
  • How does attestation work?
    • What needs to be in place for it to work?
    • How does the TPM-based protocol work?

Interpreting Code Identity

  • How can we securely focus our attention on security critical code?
  • Does Trusted Computing give us load-time assurance, run-time assurance, or both?

Roots of Trust

  • What are some examples of roots of trust?
    • Compare/contrast them
  • What is SGX?

Other

  • How do humans complicate Trusted Computing?
  • What are the legal implications of Trusted Computing?