Seamless integration of trusted computing into standard cryptographic frameworks

Abstract

Trusted Software Stacks (TSS) are the interfaces between applications and Trusted Platform Modules (TPMs). In order to avoid wrong usage of the stacks which could lead to security holes, they should provide an easy-to-use interface for developers. Moreover, they should be designed in a flexible way to adapt to new requirements resulting from specification or algorithm changes. However, the currently specified TSS interface is highly complex and requires a vast amount of training effort for developers to get familiar with it. Moreover, existing stacks are monolithic blocks of software - they either support the full range of TPM functions which makes them large or they support a customized subset of features which reduces their scope of use. In this paper, we propose a novel design for a Trusted Software Stack (TSS) that can be integrated into existing security frameworks. Instead of designing a new application programming interface (API), our stack uses the APIs from well known and established frameworks, allowing developers that are not familiar with Trusted Computing (TC) to easily adapt to this new technology. Furthermore, our stack supports multiple TPMs, dynamic component loading and Over-The-Air updates that allow the stack to support customized sets of features even after it has been deployed in the field. Moreover, the stack provides built-in support for user authentication and TPM access control. Our prototype stack is developed for the .NET programming environment, thereby eliminating common implementation faults like buffer overflows. Due to the managed nature of the .NET runtime environment, it is portable between different operating systems and can be used on desktop systems as well as on embedded systems without the need for recompiling it for the specific target architecture. © 2011 Springer-Verlag.

Cite

Reiter, A., Neubauer, G., Kapfenberger, M., Winter, J., & Dietrich, K. (2011). Seamless integration of trusted computing into standard cryptographic frameworks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6802 LNCS, pp. 1–25). https://doi.org/10.1007/978-3-642-25283-9_1
