Norbert Pohlmann (Institut für Internet-Sicherheit), A.-R. Sadeghi, C. Stüble: “European Multilateral Secure Computing Base”, DuD Datenschutz und Datensicherheit – Recht und Sicherheit in Informationsverarbeitung und Kommunikation, Vieweg Verlag, 09/2004
The proposed open computing platform solves the security problems of conventional platforms through an efficient migration of existing operating systems, a Security Software Layer and hardware functionalities offered by Trusted Computing. In the sense of multilateral security, this platform allows the enforcement of security policies of different parties. Consequently, the platform enables the realisation of various innovative business models, particularly in the area of Digital Rights Management while averting the potential risks of Trusted Computing platforms regarding privacy issues. Existing networked computing platforms are not able to fulfil the multilateral security requirements of all involved parties, i.e., companies, end-users, and content providers. This can be seen by the huge number of exploits and security updates as well as the high number of attacks through viruses, worms and Trojan horses. Furthermore, the security of existing computing platforms could not to vitally improved in the last years due to the conceptual weaknesses, e.g., their monolithic architecture and thus the increased complexity. This pertains Windows-based operating systems as well as Linux-based ones. Most of the currently used IT-systems lack elemental security properties, such as integrity checks (keyword: secure booting) or the generation of secure cryptographic keys using appropriate random number generators. Thus, the existing threats thwart the realisation of a variety of useful applications and business models, particularly in the area of Digital Rights Management (DRM). Trusted Computing Technology (TC) provides useful functionalities, but is not able to solve the present security problems without a secure and trustworthy operating system: The operating system is the instance that controls all information flows above the hardware layer, and has therefore access to all security relevant data.
Weitere Informationen zum Thema “Trusted Computing”:
Artikel: „Eine Diskussion über Trusted Computing – Sicherheitsgewinn durch vertrauenswürdige IT-Systeme“
“Anwendungen sicher ausführen mit Turaya – In Sicherheit”
„Integrity Check of Remote Computer Systems – Trusted Network Connect”
„Turaya – Die offene Trusted Computing Sicherheitsplattform”
„Vertrauenswürdige Netzwerkverbindungen mit Trusted Computing – Sicher vernetzt?“
„European Multilateral Secure Computing Base”
Vorträge: “Trusted Computing (Vortrag)”
“Bausteine für sichere elektronische Geschäftsprozesse – Trusted Computing”
Glossareintrag: „Trusted Computing“
Vorlesung: „Trusted Computing (Vorlesung)“
Informationen über das Lehrbuch: „Cyber-Sicherheit“
kostenlos downloaden |