- Introduction
- Why Are Trusted Platforms Being Developed?
- The Trusted Computing Platform Alliance and the TCPA Specification
- What Is a Trusted Platform?
- Basic Concepts in the Trusted Platform Model
- Basic Functionalities of a Trusted Platform
- Benefits of Using Trusted Computing Technology
- Summary of TCPA Technology
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
Why Are Trusted Platforms Being Developed?
Computer platforms are becoming widely available and are central to the growing reliance on electronic business and commerce. In addition, the need to protect information is increasing, particularly on the type of computers we use directly (client platforms such as PCs). Although businesses now use secure operating systems on servers and have physically protected individual server platforms, no overall corresponding improvement in client platforms has occurred, because of the ad hoc way in which client platforms develop, the sheer number of such platforms, and the cost.
The flexibility and openness of the PC platform has enabled phenomenal business growth, and attempts to prohibit that flexibility and openness would meet with resistance. Given a choice between convenience and security, most users opt for convenience. This makes improving confidence in client platforms—PCs in particular—a big challenge.
No single company dictates the architecture of all platforms on the same network or the plan of that network itself. Although other types of platforms are increasingly being used for Internet access, the diversity of software and hardware for PCs continues to mean that the principal client platforms of the Internet are still PC-based. As conventional businesses increasingly depend on PCs and the Internet for their success—even their very existence—the trustworthiness of PCs and other platforms is an increasingly vital issue. The development of e-services and the convenience of using the same computer platform for both personal and business activities mean that users increasingly need to store and use sensitive data on their platforms. Of course, they expect their data to be protected from misuse even when they're connected to the Internet.
However, the ability to protect a PC or other computing platform through software alone has developed as far as it can, and has inherent weaknesses. The degree of confidence in software-only security solutions depends on their correct installation and operation, which can be affected by other software that's installed on the same platform. Even the most robust and tightly controlled software cannot vouch for its own integrity. For example, if malicious software has bypassed the security mechanisms of an operating system (OS) and managed to corrupt the behavior of the OS, by definition it's impossible to expect that the OS will necessarily be aware of this security breach. It's often possible to find out whether software has been modified when you know what modification to look for (for example, a known virus). However, on current computing platform technology, it isn't easy for a local or remote user to test whether a platform is suitable to process and store sensitive information. For example, it's possible to identify an employee accessing a corporate network through a virtual private network (VPN) gateway, but it's impossible to establish with confidence whether the computing platform used by the employee is a corporate machine, and runs only the required software and configurations.
Experts in information security conclude that some security problems can't be solved by software alone, and even conventional secure operating systems depend on hardware features to enforce separation of user and supervisor modes. Privacy issues have arisen such as the conflict of duty between providing confidence in a computing platform's behavior to the owner of a company PC, and providing confidence in the platform's behavior to the individual user of that PC. Also, differences exist between providing confidence in a platform's behavior to a local user and providing that confidence to a remote entity across a network.