Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

Basic Concepts in the Trusted Platform Model

Figure 1 illustrates the general setup for a Trusted Platform Model. The Trusted Computing Platform Alliance has published documents that specify how a Trusted Platform must be constructed. Within each Trusted Platform is a Trusted (Platform) Subsystem, which contains a Trusted Platform Module (TPM), a Core Root of Trust for Measurement (CRTM), and support software (the Trusted platform Support Service or TSS). The TPM is a hardware chip that's separate from the main platform CPU(s). The CRTM is the first software to run during the boot process and is preferably physically located within the TPM, although this isn't essential. The TSS performs various functions, such as those necessary for communication with the rest of the platform and with other platforms. The TSS functions don't need to be trustworthy, but are nevertheless required if the platform is to be trusted. In addition to the Trusted Subsystem in the physical Trusted Platform, Certification Authorities (CAs) are centrally involved in the manufacture and usage of Trusted Platforms (TPs) in order to vouch that the TP is genuine.

Figure 1Figure 1 The overall Trusted Computing Platform model.

Readers with a background in information security know that a Trusted Computing Base (TCB) is roughly the set of functions that provide the security properties of a platform (in other words, that enforce the platform's security policy). The TCB in a Trusted Platform is the combination of the Trusted Subsystem (mainly dealing with secrets) and additional functions (mainly dealing with the use of those secrets, such as bulk encryption). As such, the Trusted Subsystem is a subset of the functions of the Trusted Computing Base of conventional secure computers, which would normally include both dealing with secrets and using secrets. Critically, however, the Trusted Subsystem contains some functions not found in a conventional TCB. Conventional secure computers provide formal evidence that a TCB in certain states actually can be trusted. This is done by means of formal assessment and certification of the platform in a particular configuration.

In contrast, the Trusted Subsystem provides a less formal means of showing that the TCB is both capable of being trusted and actually can be trusted in a variety of configurations. The Trusted Subsystem first demonstrates that it can be trusted and then demonstrates that the remainder of the TCB in a Trusted Platform can also be trusted. This involves certification from trusted entities that are prepared to vouch for the platform in various configurations.

  • + Share This
  • 🔖 Save To Your Account