Many scenarios in modern computing give rise to a common problem: why should Alice trust computation that’s occurring at Bob’s machine? (The computer security field likes to talk about “Alice” and “Bob” and protection against an “adversary” with certain abilities.) What if Bob, or someone who has access to his machine, is the adversary?
In recent years, industrial efforts—such as the Trusted Computing Platform Association (TCPA) (now reformed as the Trusted Computing Group, TCG), Microsoft’s Palladium (now the Next Generation Computing Base, NGSCB), and Intel’s LaGrande—have advanced the notion of a “trusted computing platform.” Through a conspiracy of hardware and software magic, these platforms attempt to solve this remote trust problem, for various types of adversaries. Current discussions focus mostly on snapshots of the evolving TCPA/TCG specification, speculation about future designs, and ideological opinions about potential social implications. However, these current efforts are just points on a larger continuum, which ranges from earlier work on secure coprocessor design and applications, through TCPA/TCG, to recent academic developments. Without wading through stacks of theses and research literature, the general computer science reader cannot see this big picture.
The goal of this book is to fill this gap. We will survey the long history of amplifying small amounts of hardware security into broader system security. We will start with early prototypes and proposed applications. We will examine the theory, design, and implementation of the IBM 4758 secure coprocessor platform, and discuss real case study applications that exploit the unique capabilities of this platform. We will discuss how these foundations grow into the newer industrial designs such as TCPA/TCG, as well as alternate architectures this newer hardware can enable. We will then close with an examination of more recent cutting-edge experimental work.