A server-based secure bootstrap architecture

Abstract

The computer terminal plays an import role in the security of whole Local Area Network. However, the uncontrolled way of bootstrap brings about difficulties of providing sufficient trustworthiness to the LAN. To enforce the terminal security of the LAN and especially its ability of resisting ill-meaning tampering, this paper puts forward a server-based bootstrap architecture, based on the trusted computing technology. By verifying the integrity of the terminal before booting the OS, this architecture can effectively prevent the terminal from booting into a tampered OS, and the recovery module meanwhile enforces the robustness of the system. We present an implementation of the architecture, which extends the Trusted GRUB by adopting an attestation process between the GRUB level and the attestation server. The performance analysis shows that at a low time delay, the security of the system has been improved, and the proposed architecture can also provide server with stronger control and management ability towards the whole LAN. © 2010 Springer-Verlag Berlin Heidelberg.