Trusted Platform

Hyoungchun Kim - One of the best experts on this subject based on the ideXlab platform.

  • A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping
    USENIX Security Symposium, 2018
    Co-Authors: Seunghun Han, Wook Shin, Junhyeok Park, Hyoungchun Kim
    Abstract:

    This paper reports two kinds of Trusted Platform Module (TPM) attacks related to power management. The attacks allow an adversary to reset and forge platform configuration registers (PCRs), which are designed to securely hold measurements of the software used for bootstrapping a computer. One attack exploits a design flaw in the TPM 2.0 specification for the static root of trust for measurement (SRTM). The other exploits an implementation flaw in tboot, the most popular measured launch environment used with Intel's Trusted Execution Technology. Considering that TPM-based platform integrity protection is widely used, the attacks may affect a large number of devices. We demonstrate the attacks with commodity hardware. The SRTM attack is significant because its countermeasure requires hardware-specific firmware patches that could take a long time to be applied.
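    To make the abstract's claim concrete, here is a small model of PCR extend semantics and of the reset-then-replay sequence the attacks rely on. This is an added example, not code from the paper or from tboot: the boot components, the event log and the PCR class are constructed for illustration, and the reset() call stands in for whatever platform-specific sleep/resume path lets the attacker reset the TPM's PCRs without a genuine platform reset.

```python
"""PCR extend semantics and why an out-of-band PCR reset defeats them.
Added example; not code from the USENIX paper. The boot components and
the event log below are constructed, not taken from a real platform."""
import hashlib

PCR_SIZE = 32                       # one PCR in the SHA-256 bank
INITIAL_PCR = b"\x00" * PCR_SIZE    # PCRs 0-15 read all-zero after a TPM reset


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || digest). Never a plain write."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must be SHA-256 sized")
    return hashlib.sha256(pcr + digest).digest()


def measure(component: bytes) -> bytes:
    """Firmware measures a component (hashes its image) before running it."""
    return hashlib.sha256(component).digest()


def replay_log(event_digests) -> bytes:
    """Recompute a PCR from an ordered event log, as an attestation verifier does."""
    pcr = INITIAL_PCR
    for digest in event_digests:
        pcr = extend(pcr, digest)
    return pcr


class PCR:
    """A PCR has exactly two transitions: extend (anyone may call it) and reset,
    which the spec ties to a TPM reset so software cannot rewind measurements."""
    def __init__(self):
        self.value = INITIAL_PCR

    def extend(self, digest: bytes):
        self.value = extend(self.value, digest)

    def reset(self):
        self.value = INITIAL_PCR


# Constructed boot chains; the golden value is what the verifier expects.
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
EVIL_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-backdoored"]
GOOD_LOG = [measure(c) for c in GOOD_CHAIN]
GOLDEN_PCR = replay_log(GOOD_LOG)


def boot(chain) -> bytes:
    """Honest SRTM boot: every component is extended into the PCR before it runs."""
    pcr = PCR()
    for component in chain:
        pcr.extend(measure(component))
    return pcr.value


def sleep_attack(chain, golden_log):
    """Attacker's sequence: boot tampered code (the PCR now reflects it), obtain
    a PCR reset through the sleep/resume path without a real platform reset,
    then replay the known-good event log digests. Returns (before, after)."""
    pcr = PCR()
    for component in chain:
        pcr.extend(measure(component))
    tampered = pcr.value
    pcr.reset()                      # the primitive the two attacks obtain
    for digest in golden_log:
        pcr.extend(digest)           # digests are public (event log), not secrets
    return tampered, pcr.value


def verifier_accepts(pcr_value: bytes) -> bool:
    """Golden-value attestation check: compare the quoted PCR with expectation."""
    return pcr_value == GOLDEN_PCR
```

    The point the model makes is that the digests in the event log are public and the extend chain is deterministic, so a verifier comparing a quote against a golden value cannot tell an honest boot from a reset followed by a replay of the logged digests. The security of the PCR rests entirely on the reset being reachable only through a genuine TPM reset, which is why, as the abstract says, the fix has to be made in firmware rather than in the attestation logic.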

Seunghun Han - One of the best experts on this subject based on the ideXlab platform.

  • A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping
    USENIX Security Symposium, 2018
    Co-Authors: Seunghun Han, Wook Shin, Junhyeok Park, Hyoungchun Kim
    Abstract: same paper as listed under Hyoungchun Kim above.

Sinha Roopak - One of the best experts on this subject based on the ideXlab platform.

  • Tailoring the Cyber Security Framework: How to Overcome the Complexities of Secure Live Virtual Machine Migration in Cloud Computing
    AIS Electronic Library (AISeL), 2020 (also listed 2021); conference paper, 8 pages, 3 figures, Proceedings of the International Conference on Information Resources Management (CONF-IRM 2020)
    Co-Authors: Deylami Hanif, Gutierrez Jairo, Sinha Roopak
    Abstract:

    This paper proposes a novel secure live virtual machine migration framework that uses a virtual Trusted Platform Module instance to improve the integrity of the migration process from one virtual machine to another on the same platform. The proposed framework, called Kororā, is designed and developed on a public infrastructure-as-a-service cloud-computing environment and runs concurrently on the same hardware components (input/output, central processing unit, memory) and the same hypervisor (Xen); however, a combination of parameters needs to be evaluated before implementing Kororā. The implementation of Kororā is not practically feasible in traditional distributed computing environments: it requires fixed resources with high-performance capabilities, connected through a high-speed, reliable network. The following research objectives were determined to identify the integrity features of live virtual machine migration in the cloud system: to understand the security issues associated with cloud computing, virtual Trusted Platform Modules, virtualization, live virtual machine migration, and hypervisors; to identify the requirements for the proposed framework, including those related to live VM migration among different hypervisors; to design and validate the model, processes, and architectural features of the proposed framework; to propose and implement an end-to-end security architectural blueprint for cloud environments, providing an integrated view of protection mechanisms, and then to validate the proposed framework to improve the integrity of live VM migration. This is followed by a comprehensive review of the evaluation system architecture and the proposed framework state machine. The overarching aim of this paper, therefore, is to present a detailed analysis of the cloud computing security problem from the perspective of cloud architectures and the cloud service delivery models. Based on this analysis, this study derives a detailed specification of the cloud live virtual machine migration integrity problem and key features that should be covered by the proposed framework.

David Challener - One of the best experts on this subject based on the ideXlab platform.

  • Trusted Platform Module Evolution
    2015
    Co-Authors: Justin D. Osborn, David Challener
    Abstract:

    For more than a decade, commercial PC platforms have been shipping with a standards-based embedded security subsystem on the motherboard known as the Trusted Platform Module, or TPM. TPMs have been used in a wide variety of applications, but some issues have hampered large-scale adoption. During the last 8 years, the Trusted Computing Group has been working on revising the specification to increase its flexibility, manageability, and utility. This article presents TPM use cases and explains the motivation for the major changes made to improve the TPM specification.

  • A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security
    2015
    Co-Authors: Will Arthur, David Challener
    Abstract:

    A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security is a straightforward primer for developers. It shows security and TPM concepts, demonstrating their use in real applications that the reader can try out. Simply put, this book is designed to empower and excite the programming community to go out and do cool things with the TPM. The approach is to ramp the reader up quickly and keep their interest. The book explains security concepts, describes the TPM 2.0 architecture, and provides code and pseudo-code examples in parallel, from very simple concepts and code to highly complex concepts and pseudo-code. It includes instructions for the available execution environments and real code examples to get readers up and talking to the TPM quickly. The authors then help the users expand on that with pseudo-code descriptions of useful applications using the TPM.

    What you'll learn: TPM 2.0 architecture fundamentals, including changes from TPM 1.2; TPM 2.0 security concepts; essential application development techniques; a deep dive into the features of TPM 2.0; a primer on the execution environments available for application development. Learn as you go!

    Who this book is for: application software developers, OS developers, device-driver developers, and embedded-device specialists, who will benefit from mastering TPM 2.0 capabilities and building their own applications quickly (this book will give them the tools they need to experiment with and understand the technology); software architects who need to understand the security guarantees provided by TPMs; managers who fund the projects that use TPMs; and non-technical users who may want to know why TPMs are on their computers and how to make use of them.

Hedabou Mustaha - One of the best experts on this subject based on the ideXlab platform.

  • FADETPM: Novel Approach of File Assured Deletion Based on Trusted Platform Module
    International Conference on Cloud Computing, 2017
    Co-Authors: Igarramen Zakaria, Hedabou Mustaha
    Abstract:

    As the Internet has developed, the requirements for online and offline data storage have increased. Large storage IT projects are associated with large costs and a high level of business risk. A storage service provider (SSP) provides computer storage space and management; in addition, it also offers back-up and archiving. Despite this, many companies fear for the security, privacy and integrity of outsourced data. As a solution, File Assured Deletion (FADE) is a system built upon standard cryptographic techniques. By encrypting outsourced data files, it aims to guarantee their privacy and integrity and, most importantly, to assuredly delete files so that they become unrecoverable by anybody (including those who manage the cloud storage) upon revocation of file access policies. Unfortunately, this system remains weak if the key manager's security is compromised. Our work provides a new scheme that aims to improve the security of FADE by using the TPM (Trusted Platform Module), which safely stores keys, passwords and digital certificates.