Open-Source Applications of TCPA Hardware

John Marchesini
Dartmouth College

Sean Smith
Dartmouth College

Omen Wild
Dartmouth College

Alex Barsamian
Dartmouth College

Josh Stabiner
Dartmouth College

How can Alice trust computation occurring at Bob's computer? Since it
exists and is becoming ubiquitous, the current-generation TCPA/TCG
hardware might enable a solution. At the time we began investigating
the then-emerging TCPA/TCG technology, much of the standardized
software had not been implemented. So, we designed and built an
open-source platform based on the TCPA/TCG hardware and Linux which
would allow us to address the problem of trusting computation. Our
solution works within the limits of TCPA/TCG hardware security and
within the constraints of what Alice needs to do to make trust
judgments, and of what Bob needs to do to keep his system running.

Furthermore, we describe how we use our platform to harden three
sample applications (also open source): Apache SSL Web servers, OpenCA
certification authorities, and (using SELinux) compartmented
attestation to balance privacy with DRM.

To our knowledge, our project remains the only open-source TCPA/TCG
platform in existence, and is also enabling trusted computing
applications developed by our user community (\url{sourceforge}
reports over 900 sourcecode downloads so far).

Keywords: TCPA, TPM, Apache, PKI, DRM

Read Paper Read Paper (in PDF)