Is it possible to prove to the remote party that the application I am running in my system is the same as I am claiming that I am running using DRTM or SRTM? If yes then How?
Remotely Verifying the Application in execution
194 Views Asked by Geek At
1
There are 1 best solutions below
Related Questions in INTEL
- Coldfusion 9 serializeJSON()
- Coldfusion 9 webservice error
- code optimizing in coldfusoin, as String are immutable in Coldfusion
- Retrieving the value which have '#' character in ColdFusion
- Cfquery insert unexpected recordcount
- How to get raw binary from hash function in ColdFusion 9?
- Coldfusion 9 Flash Multifile Upload Widget fails due to unrelated code
- CFloop through query and apply each result to a variable
- Coldfusion - How to prevent multiple clicks?
- Issue with invoking a Coldfusion Component
Related Questions in TPM
- Coldfusion 9 serializeJSON()
- Coldfusion 9 webservice error
- code optimizing in coldfusoin, as String are immutable in Coldfusion
- Retrieving the value which have '#' character in ColdFusion
- Cfquery insert unexpected recordcount
- How to get raw binary from hash function in ColdFusion 9?
- Coldfusion 9 Flash Multifile Upload Widget fails due to unrelated code
- CFloop through query and apply each result to a variable
- Coldfusion - How to prevent multiple clicks?
- Issue with invoking a Coldfusion Component
Related Questions in TRUSTED-COMPUTING
- Coldfusion 9 serializeJSON()
- Coldfusion 9 webservice error
- code optimizing in coldfusoin, as String are immutable in Coldfusion
- Retrieving the value which have '#' character in ColdFusion
- Cfquery insert unexpected recordcount
- How to get raw binary from hash function in ColdFusion 9?
- Coldfusion 9 Flash Multifile Upload Widget fails due to unrelated code
- CFloop through query and apply each result to a variable
- Coldfusion - How to prevent multiple clicks?
- Issue with invoking a Coldfusion Component
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Theoretically: yes. The concept is called remote attestation.
The basic idea is: First you have a sound chain of trust built on your platform, like:
The resulting measurements are stored in the PCRs.
Now you can let the TPM sign this set of PCRs, that's called
quote.You can submit this quote to a remote entity. Here the problems start:
How can you proof that the quote was signed by a hardware TPM and not an emulator?
Possible solutions: pre-shared keys or some kind of CA.
How can you be sure that the PCR values represent a trusted system state?
That's not so easy. If you have SRTM, you have to consider every possible combination of how your system load the components. E.g. in BIOS-phase, in which order are the option-ROMs loaded?
Here DRTM comes for the rescue, but it makes the matter just slightly easier. With DRTM you can forget about all the pre-DRTM stuff. If you have a small trusted environment, say like flicker, then you'll have a manageable set of trusted configurations. If you have a full-featured OS, than it's hard.
First, you have to find an OS that measures everything. IBM's IMA for the Linux kernel is one example.
Then, the slightest difference in the order of loaded components will lead to different PCR values. Furthermore consider all the combinations of states the different installed software packages might be in.
Possible solutions are to restrict the possible set of PCR values that represent a valid configuration. For example you can measure a whole OS image instead of each binary. An example is the acTvSM platform published a few years ago.
Conclusion: There is no easy, off-the-shelf solution, but you can design a system such that it fits your requirements.