Notes - MCS
Secure Execution Environments
TPM (Trusted Platform Module)

Use cases

Host identification

The TPM identifies the host so that its participation in protected environments can be authorized.

Host data encryption

Files, file systems, and highly sensitive data (passwords).

Key storage

Keys are encrypted (wrapped) with a TPM public key, so only that TPM can recover them.

Because of this, the encrypted keys can be stored anywhere.

Random number generation

Fundamental for generating keys and nonces.

NVRAM for storing critical data

Root keys of certification chains.

Endorsement keys (EKs).

The state to be reached during a controlled bootstrap (used by Intel Trusted Execution Technology).

PCRs (Platform Configuration Registers)

They hold hash values that can only be updated by an extend operation (the new value is the hash of the old value concatenated with the new measurement).

Because each extend folds the previous value into the next one, a PCR can report a whole sequence of measurements, including their order.

They can be used as authentication signals:

  • Secrets can be unlocked only when the PCRs have a given value.

  • In TPM 2.0 secrets can also be unlocked when the PCR values match a value signed by a trusted party, which avoids PCR fragility (so-called non-brittle PCRs).
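An added Python model (not code from the notes or from any TPM implementation) of how a PCR accumulates measurements through extend and how a sealed secret is released only for an expected PCR value; the non-brittle variant is simplified to a set of digests approved by a trusted party instead of a signature verification, and all measurements and secrets are constructed.

```python
import hashlib
from typing import Iterable, Optional, Set

# A SHA-256 PCR bank: every PCR is reset to all-zero bytes at power-on.
DIGEST_LEN = hashlib.sha256().digest_size
PCR_RESET = bytes(DIGEST_LEN)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR' = H(PCR || H(measurement)).

    The old value is folded into the new one, so the result depends on every
    measurement seen so far and on the order in which they were extended.
    There is no operation that sets a PCR directly to a chosen value.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def pcr_value(measurements: Iterable[bytes]) -> bytes:
    """Replay a boot sequence from reset and return the resulting PCR value."""
    pcr = PCR_RESET
    for m in measurements:
        pcr = pcr_extend(pcr, m)
    return pcr


def unseal_exact(current_pcr: bytes, sealed_pcr: bytes, secret: bytes) -> Optional[bytes]:
    """Classic PCR binding: release the secret only if the PCR equals the exact
    value recorded at seal time. Any change in the measured boot chain, even a
    legitimate update, makes the secret unreachable (this is PCR brittleness)."""
    return secret if current_pcr == sealed_pcr else None


def unseal_approved(current_pcr: bytes, approved: Set[bytes], secret: bytes) -> Optional[bytes]:
    """Non-brittle variant (simplified model of TPM 2.0 policy authorization):
    the secret is released when the current PCR digest is one that a trusted
    party has approved. A real TPM checks a signature over the digest with the
    trusted party's public key; here the approval is modelled as a set."""
    return secret if current_pcr in approved else None


if __name__ == "__main__":
    # Constructed boot chain: firmware measures the bootloader, which measures the kernel.
    boot = [b"bootloader-v1", b"kernel-5.10", b"initrd-2024"]
    updated = [b"bootloader-v1", b"kernel-5.15", b"initrd-2024"]
    print("PCR after boot   :", pcr_value(boot).hex())
    print("PCR after update :", pcr_value(updated).hex())
```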

Privacy enhancement

Storage of password-protected secrets, with delay mechanisms that slow down password-guessing attacks.

Attestation Identity Keys (AIKs), or simply AKs, which can identify the host (or its owner) in different scenarios.

Direct anonymous attestation (DAA).

Last updated 11 months ago