Welcome!

Linux Containers Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, Stackify Blog

Related Topics: Linux Containers

Linux Containers: Article

Trusting Computing on Linux

Building a trusted platform

In an era where everybody is connected to a potentially harmful Internet with an increasing number of complex and distributed applications, controlling what the computers do has become significantly harder. At the core, simple actions (executing software, e-commerce, etc.) rely on trust relationships; what if your computer (or the merchant's) has been compromised and alters your perception of reality? Indeed, at the beginning, Neo did not know there was a Matrix because he trusted everything he saw...

Closer to our world, and without being paranoid, one of the first actions intruders or rootkits take is to replace common commands with fake ones. Is it then possible to guarantee that we'll really execute the code we intended to? How far can you trust the computer of a given merchant not to reveal your credit card number? This is precisely what trusted computing is about: providing the means to know how much a given machine may be trusted.

Actually, the use of chips to enforce security within the lowest layers isn't new; it's existed for many years. However, their high price, difficult integration with commercial software, and high impact on systems' performances has restricted their use to the mainstream industry.

Several major industrials decided to join their efforts and design a compromise that would meet market needs. The idea was to build a trusted platform, including a new security chip, that would be easier to use and with more computational power, but perhaps a little less secure. They first gave birth to the TCPA (Trusted Computing Platform Alliance) in 1999, and then to its successor, TCG (Trusted Computing Group), in 2003.

Trusted Computing Group

The primary goal of the TCG is to provide the industry with vendor-neutral standard specifications for various platforms (PC, PDA, mobile phone, etc.). To do so, they describe a subsystem to integrate onto each platform and that provides protection to a user's computing environment, and information and keys to operating systems or applications. More precisely, TCG's proposed subsystem consists of a Trusted Platform Module (TPM) and the TPM Software Stack (TSS).

The TPM is a hardware chip. It provides low-level trusted computing functionalities such as protected storage (making sure encryption keys cannot be retrieved even if the platform is compromised), integrity metrics (detecting compromise), and platform attestation (prove to others that the platform has a given property).

As for the TSS, it's organized as shown in Figure 1:

  • A TPM device driver, typically provided by the TPM manufacturer
  • An abstraction layer to TPM drivers, the TDDL, which makes it possible to develop upper components in the stack independent of the TPM chip
  • A core services layer (TCS) that groups all common services to the software stack, such as event management, key and credentials management, etc.
  • Various TSS Service Providers (TSP) that, for example, offer access to specific APIs such as PKCS#11
To illustrate the possible benefits of using trusted compu-ting, let's describe a simple case where a system administrator needs to secure an employee's laptop access to the corporate network. The employee accesses his or her company's network using a secret key and specific network access software (e.g., a VPN client). The problem is that the employee's laptop is obviously untrusted; it's carried everywhere and unfortunately is the ideal target for viruses or any other malware. If a laptop's corporate network access software and/or the secret key are compromised, this may seriously impact corporate security.

To avoid such a scenario, a possible solution relies on trusted computing. The administrator uses the TPM to seal the secret key with the BIOS, OS, and the network access software. This cryptographically binds the keys to a given software stack, so that only the TPM may unseal the key if and only if the software stack (BIOS, OS, network-access software) has not been compromised. This virtually establishes trust on an untrusted platform.

Linux Support for TCG

In practice, TPMs are already well established on the market, although perhaps not that widely yet. Several chip manufacturers propose TPM chips (e.g., Infineon's SLD 9630 TT or Atmel's AT97SC3201). Intel has developed TPM-integrated boards (D865GRH, D915GEV, and D915GUX desktop boards). TPMs are even sold on a specific desktop or laptop series (IBM ThinkCentre, HP Compaq DC7100, Toshiba Tecra M2, Fujitsu Lifebook S, etc.). The real difficulty in getting your hands on TCG arises later, within the TPM Software Stack. Indeed, mainstream Linux kernels do not natively recognize TPM chips, and solutions to use them are nearly nonexistent at the moment.

With Linux, we are presently only aware of NTRU's TSS and a few research projects listed in Table 1. Most of those are highly experimental, with only limited support of TPM chips and a selected subset of TCG functions. Clearly, this is currently only a developer's or an expert's world; there is no way an end user can benefit from TCG's functionalities without getting into the source code.

TCG and Linux

Actually, trusted computing's first exposure to the public has been quite controversial. Basically, people worried that this technology would scorn privacy or block software interoperability. Others even exposed startling side effects. The reality is probably somewhat more balanced, and we dare to compare trusted computing to a Swiss army knife: it can be extremely useful for getting out of (dangerous?) situations, but obviously it may be lethal.

It's beyond the scope of this article to tackle privacy and TCG issues in more detail, though we invite interested readers to refer to the resources section for further readings.

Whether we want it or not, trusted computing seems to be a part of the future for many commercial systems. Support for TCG is already part of the requirements for some industrial Linux systems. Market perspective looks extremely promising; indeed, there are still several research and development opportunities:

  • At the hardware level, by introducing new trusted hardware on the market (see for instance, Intel's trusted keyboard controller).
  • At the operating system level, with a new "trusted" OS making use of trusted hardware. This would probably consist of a kernel module but with a broader link to the OS.
  • At the application level, with numerous use cases for end-user "trusted" applications, but barely any implementation on Linux yet.
  • In the area of embedded systems - for example, mobile phones, PDAs, or other devices.

Conclusion

Currently, the best way to qualify TCG's penetration in the market is moderate: the TPM chips are already on the market, but their software stack is extremely limited and experimental. Yet, whatever your rationale is - for or against TCG technology - with the widespread propagation of viruses and other malware, and the ever-increasing security needs of the industry, trusted computing seems an extremely promising technology and TPM chips are very likely to be deployed more frequently on systems around us. It would then be extremely positive for the Linux community - and more generally the open source community - to get involved. Indeed, how much and how well TPMs are supported and integrated could become a selection criteria among operating systems in the future.

Resources

  • Yee, B. "Using Secure Coprocessors", PhD Thesis, CMUCS94149, May 1994: http://citeseer.ist.psu.edu/yee94using.htm
  • Arnold, T. W., and van Doorn, L. P. "The IBM PCIXCC: A new cryptographic coprocessor for the IBM eServer." IBM Research & Development Journal. Vol. 48, No. 3. May/July 2004.
  • Trusted Computing Group: www.trustedcomputinggroup.org
  • NTRU Core TCG Software Stack (CTSS): www.ntru.com/products/tcg_ss.htm
  • Safford, D. "TCPA Resources": www.research.ibm.com/gsal/tcpa/
  • Sailer, R.; Jaeger, T.; van Doorn, L.; Zheng, X. "TPM based Linux Runtime Attestation": www.research.ibm.com/secure_systems_department/projects/tcglinux/
  • Wild, O., and Marchesini, J. "Enforcer": http://enforcer.sourceforge.net/
  • Sevinc, P.E. "A Software-based TPM Emulator for Linux": www.infsec.ethz.ch/people/psevinc
  • Selhorst, M., and Stueble, C. "Linux Kernel Module for the Infineon Trusted Platform Module SLD 9630 TT": www.prosec.rub.de/tpm/
  • Anderson, R. "Trusted Computing - Frequently Asked Questions", version 1.1. August 2003: www.againsttcpa.com/tcpafaqen.html
  • Schechter, S.E.; Greenstadt, R.A.; and Smith, M.D. "Trusted Computing, Peer to Peer Distribution, and the Economics of Pirated Entertainment." Second Workshop on Economics and Information Society, May 29, 2003: www.eecs.harvard.edu/~stuart/papers/eis03.pdf
  • Carrier Grade Linux Hardware Requirements definition version 3: www.osdl.org/docs/cgl_hw_req_def___v30_draft.pdf
  • Bajikar, S. "Trusted Mobile Keyboard Controller Architecture." Intel Developers Forum. Fall 2003: www.intel.com/idf/us/fall2003/presentations/F03USMOBS147_OS.pdf
  • Wave Systems, Embassy Trust Suite: www.wave.com/products/ets_pro.html
  • Linux Devices. January 22, 2003: www.linuxdevices.com/news/NS9222005703.html
  • Walko, J. "ARM links with Trusted Logic for secure mobile, set tops." July 14, 2004: www.embedded.com/showArticle.jhtml?articleID=23900682&_loopback=1
  • More Stories By Makan Pourzandi

    Makan Pourzandi received his doctoral degree on parallel computing in 1995 from the University of Lyon, France. He works for Ericsson Research
    Canada in the Open Systems Research Department. His research domains are security, cluster computing, and component-based methods for
    distributed programming. He has more than 7 publications in International conferences with reference committees. Makan has delivered several talks
    at universities, international conferences, and Open Source forums. He is involved in several Open Source projects: Distributed Security
    Infrastructure (disec.sourceforge.net), and a contributer to the
    security requirements of the Open Source Development Lab (OSDL) Carrier Grade Linux (CGL).

    More Stories By Axelle Apvrille

    Axelle Apvrille currently works for Ericsson Research Canada in the Open Systems Research Department. Her
    research interests are cryptography, security protocols and distributed
    security. She received her computer science engineering degree in 1996
    at ENSEIRB, Bordeaux, France.

    Comments (0)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


    @ThingsExpo Stories
    It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...
    Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day. Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people. In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
    Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
    Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
    Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
    Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
    Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
    Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abilit...
    In his session at Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to maximize project result...
    To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
    Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
    In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
    "Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
    Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
    To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
    Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
    DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.
    Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
    The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
    In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...