Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

An Enhanced Operating System

Even with a standard operating system (OS), a Trusted Platform can use its information security mechanisms to store and protect secrets, it can have an arbitrary number of attestation identities, and it can report what OS was loaded. (This phased availability of benefits is a deliberate design decision, because it was anticipated that Trusted Platform hardware would be available before an enhanced OS.) These features on their own enable enhanced applications and services, certainly significantly better than can be provided by conventional platforms, so this class of platforms are very worthwhile in their own right.

Without OS enhancements, however, a platform doesn't have full Trusted Computing Platform functionality. Such a platform can't report on the state of the OS, or on the applications that have been loaded by the OS, so it's more difficult for a user to decide whether to trust the platform with a sensitive task. Obviously, the more of the software stack that can be reported, the more confidence the user can have in the state of the platform. For example, it's good to know that a corporate financial application is running but a connection to an unapproved ISP is not.

Reporting the state of the OS and applications requires operating systems that are augmented to measure executables before loading them. Critically, it also requires that enhanced operating systems be modified to minimize the opportunity to bypass the measurement software. OS writers are encouraged to step up to the task!

  • + Share This
  • 🔖 Save To Your Account