BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2003-476
ENTRY:: December 15, 2003
ORGANIZATION:: Dartmouth College, Computer Science
TITLE:: Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear
TYPE:: Technical Report (paper)
REVISION:: 3
AUTHOR:: Marchesini, John
AUTHOR:: Smith, Sean W.
AUTHOR:: Wild, Omen
AUTHOR:: MacDonald, Rich
DATE:: December 2003
RETRIEVAL:: For a paper copy, email <reports@cs.dartmouth.edu>
RETRIEVAL:: For a paper copy, write to
       Technical Report Librarian
       Department of Computer Science
       Dartmouth College
       6211 Sudikoff Laboratory
       Hanover, NH 03755-3510
       USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2003-476.pdf
ABSTRACT:: 
Over the last few years, our group has been working on applications of
secure coprocessors---but has been frustrated by the limited
computational environment and high expense of such devices.  Over the
last few years, the TCPA (now TCG) has produced a specification for a
trusted platform module (TPM)---a small hardware addition
intended to improve the overall security of a larger machine (and tied
up with a still-murky vision of Windows-based trusted computing). 
Some commodity desktops now come up with these TPMs.
   Consequently, we began an experiment to see if (in the absence of a
Non-Disclosure Agreement) we could use this hardware to transform a
desktop Linux machine into a virtual secure coprocessor: more powerful
but less secure than higher-end devices.  This experiment has several
purposes: to provide a new platform for secure coprocessor
applications, to see how well the TCPA/TCG approach works, and (by
working in open source) to provide a platform for the broader
community to experiment with alternative architectures in the
contentious area of trusted computing.
   This paper reports what we have learned so far: the approach is
feasible, but effective deployment requires a more thorough look at OS
security.
NOTE:: 
This report, TR2003-476, supersedes TR2003-471 of August 2003.
Furthermore, the December 15, 2003 version of TR2003476 fixes
typos found in the December 4, 2003 version.
END:: ncstrl.dartmouthcs//TR2003-476