
Practical Guide to Trusted Computing [Paperback]

  • Format: Paperback / softback, 384 pages, height x width x thickness: 234x180x20 mm, weight: 560 g
  • Publication date: 10-Jan-2008
  • Publisher: IBM Press
  • ISBN-10: 0132398427
  • ISBN-13: 9780132398428

Use Trusted Computing to Make PCs Safer, More Secure, and More Reliable

Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what’s needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers. Now, there’s a start-to-finish guide for every software professional and security specialist who wants to utilize this breakthrough security technology.

Authored by innovators who helped create TPM and implement its leading-edge products, this practical book covers all facets of TPM technology: what it can achieve, how it works, and how to write applications for it. The authors offer deep, real-world insights into both TPM and the Trusted Computing Group (TCG) Software Stack. Then, to demonstrate how TPM can solve many of today’s most challenging security problems, they present four start-to-finish case studies, each with extensive C-based code examples.

Coverage includes

  • What services and capabilities are provided by TPMs
  • TPM device drivers: solutions for code running in BIOS, TSS stacks for new operating systems, and memory-constrained environments
  • Using TPM to enhance the security of a PC’s boot sequence
  • Key management, in depth: key creation, storage, loading, migration, use, symmetric keys, and much more
  • Linking PKCS#11 and TSS stacks to support applications with middleware services
  • What you need to know about TPM and privacy, including how to avoid privacy problems
  • Moving from TSS 1.1 to the new TSS 1.2 standard
  • TPM and TSS command references and a complete function library

Additional information

The TPM was developed by members of the Trusted Computing Group in order to establish an industry standard for a trusted computing subsystem to be added to PCs. The TPM is an open, freely downloadable specification that is now being embedded in hardware from major industry players including Dell, IBM and HP. This book is designed to provide developers with a practical understanding of how to use the Trusted Platform Module (TPM). Through multiple examples, it provides the reader with an understanding of what problems the TPM can be used to solve, and the motivation behind the design decisions made in the specifications. After reading this book, the reader should better understand the security problems facing PC clients today and how to use the capabilities of a TPM, via the standard APIs, to solve many of those problems. The TPM is a technology that assists with encryption at the hardware level instead of the software level. This makes it more difficult for hackers to break into the system. While major industry players are embedding the technology, it is still controversial, particularly the features remote attestation, binding, and sealing, which are viewed as potential threats to privacy and as restrictive, in the same manner as Digital Rights Management.
Preface xvii
Acknowledgments xxv
About the Authors xxvii
Part I: Background Material 1
Chapter 1 Introduction to Trusted Computing 3
  Computer Security Attacks Are Staggeringly Expensive 3
  The Changing Threats to Computer Security 4
  Vulnerable Programs 5
  Malicious Programs: Viruses and Spyware/Adware 7
  Misconfigured Programs 7
  Social Engineering: Phishing and Pharming 7
  Physical Theft of Data 8
  Electronic Eavesdropping 8
  Can Software Be Made Completely Secure? 9
  How Can the TPM Help? 9
  Privacy and Recovery—Special Considerations for Hardware 11
  Summary 12
  Endnotes 12
Chapter 2 Design Goals of the Trusted Platform Module 13
  Securely Reporting the Environment: Platform Status 14
  Storing a Record of the Boot Sequence 14
  Reporting the Boot Sequence Record 17
  Secure Storage 18
  Storing Data and Symmetric Keys 19
  Storing Asymmetric Keys 19
  Authorization 20
  Secure Signatures 22
  Secure Identity 23
  Isolation of Users in a Multiple User Environment 23
  Internal Random Number Generation 24
  Features Not Included 25
  Security Analysis 26
  Summary 28
Chapter 3 An Overview of the Trusted Platform Module Capabilities 29
  Secure Storage: The Storage Root Key 29
  Migratable Versus Non-Migratable Keys 34
  Types of Keys 35
  Storage Keys 36
  Binding Keys 36
  Identity Keys 36
  Signature Keys 36
  Platform Integrity 37
  Platform Configuration Registers 37
  The Handoff Procedure 39
  Maintenance 39
  Secure Signatures 40
  Avoiding Exposure 41
  Privacy and Multiple Signatures 41
  Summary 42
Part II: Programming Interfaces to TCG 43
Chapter 4 Writing a TPM Device Driver 45
  TCG Device Driver Library 46
  TPM 1.1b Specification Device Interface 47
  Technical Details 47
  Device Programming Interface 48
  TPM 1.2 Specification Device Interface 50
  Technical Details 51
  Device Programming Interface 53
  Summary 58
Chapter 5 Low-Level Software: Using BIOS and TDDL Directly 59
  Talking to the TPM Through BIOS 59
  Talking to the TPM Through TDDL 62
  The IBM libtpm Package 62
  Enabling and Clearing the TPM 63
  Talking to the TPM 63
  Getting Started with Some Simple TPM Commands 64
  Taking Ownership 66
  Creating and Using Keys 66
  Checking the TPM Configuration 67
  Summary 68
Chapter 6 Trusted Boot 69
  Trusted Boot with Static Root of Trust 69
  Dynamic Root of Trust Measurements 71
  AMD's Secure Virtual Machine 72
  Proof of Locality 75
  Summary 76
Chapter 7 The TCG Software Stack 77
  TSS Design Overview 77
  The TCG Service Provider Interface (Tspi) 79
  TSP Object Types 79
  Context Objects 80
  TPM Objects 81
  Policy Objects 82
  Key Objects 85
  Encrypted Data Objects 87
  Hash Objects 88
  PCR Composite Objects 89
  Non-Volatile Data Objects (TSS 1.2) 91
  Migratable Data Objects (TSS 1.2) 92
  Delegation Family Objects (TSS 1.2) 92
  Direct Anonymous Attestation (DAA) Objects (TSS 1.2) 92
  TSS Return Codes 93
  TSS Memory Management 94
  Portable Data 94
  Persistent Key Storage 95
  Signing and Verifying 97
  Setting Callback Functions 99
  The TSS Validation Data Structure 101
  Summary 102
Chapter 8 Using TPM Keys 103
  Creating a Key Hierarchy 103
  Utility Functions 104
  Summary 124
Chapter 9 Using Symmetric Keys 127
  Data Binding 127
  Sample Code 130
  Data Sealing 132
  Sample Code 133
  Encrypting Files 136
  Summary 138
Chapter 10 The TSS Core Service (TCS) 141
  Overview of a TCS 141
  How the TCS Manages Finite Resources 142
  Further Abstracting the TCS Abstraction 144
  Why a TCS Is Exposed Locally and Remotely 144
  Utilizing and Implementing a TCS 145
  Getting Started 145
  Why WSDL Was Chosen 146
  Brief Breakdown of the .wsdl File 147
  The Header 147
  The <types> Section 148
  InParms and OutParms in the Complex Types 149
  The Messages 150
  The Operations in portType 150
  The Operations in the Binding 151
  The Service 151
  Summary of the WSDL File 151
  Using the WSDL File 151
  The Ideal Situation 152
  Example Using gSOAP 152
  Using the gSOAP Stubs 153
  Privacy Concerns with the TCS 154
  Addressing Privacy 154
  Grouping Desirable Functions 154
  Summary 155
Chapter 11 Public Key Cryptography Standard #11 157
  PKCS#11 Overview 158
  A PKCS#11 TPM Token 158
  RSA Key Types 158
  RSA Key Restrictions 159
  Administration 161
  Design Requirements 162
  openCryptoki's Design 162
  Migration 169
  Summary 178
Part III: Architectures 179
Chapter 12 Trusted Computing and Secure Storage 181
  Linking to Symmetric Algorithms 181
  Encrypting Files to Send to Someone Else on the Net Without a Public Key 183
  Encrypting Files to Send to Someone Else on the Net with a Known Public Key 190
  Encrypting Files for Storage on Your Hard Disk 191
  Encrypting Files for Storage on a Group Hard Disk for Group Access 194
  Encrypting Files for Storage in a Backup Facility 196
  Locking Data to Specific PCs 198
  Step 1 198
  Step 2 199
  Step 3 199
  Step 4 199
  Content Protection 200
  Secure Printing 201
  Intranet 201
  Internet 202
  Secure Faxing 202
  Super Secure Migratable Storage 203
  Summary 205
Chapter 13 Trusted Computing and Secure Identification 207
  Logon Password Storage 208
  VPN Endpoints 208
  Delegation of Authority 210
  Delegation Without Allowing Further Migration 211
  Credit Card Endpoints 211
  Multiple Users on a Single System 213
  Secure Hoteling 214
  Creating a PKI with the Endorsement Key 216
  Links to Biometrics 218
  Links to Smart Cards 220
  Smart Memory Cards and TPMs 220
  Smart Signing Cards and TPMs 220
  Virtual Dongles 221
  Trusted Endpoints 221
  Medical Solutions for HIPAA Compliance 222
  COTS Security Solutions for the Military 225
  Working with IP Telephony 226
  Working with IPSec 226
  Working with Service Meters 227
  Working with Network Switches 228
  Summary 230
Chapter 14 Administration of Trusted Devices 231
  Secure Backup/Maintenance 231
  Assignment of Key Certificates 235
  Secure Time Reporting 237
  Key Recovery 239
  TPM Tools 240
  Summary 241
Chapter 15 Ancillary Hardware 243
  Trusted Path 243
  Special Keyboards 244
  Trusted Display 246
  Summary 247
Chapter 16 Moving from TSS 1.1 to TSS 1.2 249
  Certified Migratable Keys 249
  Commands 250
  Tspi_TPM_CMKSetRestrictions 250
  Tspi_Key_CMKCreateBlob 250
  Tspi_Key_MigrateKey 251
  Tspi_TPM_CMKApproveMA 252
  Tspi_TPM_CMKCreateTicket 252
  Tspi_Key_CMKConvertMigration 252
  Delegation 253
  Tspi_TPM_Delegate_AddFamily 255
  Tspi_TPM_Delegate_GetFamily 256
  Tspi_TPM_Delegate_InvalidateFamily 256
  Tspi_TPM_Delegate_CreateDelegation 257
  Tspi_TPM_Delegate_CacheOwnerDelegation 257
  Tspi_TPM_Delegate_UpdateVerificationCount 258
  Tspi_TPM_Delegate_VerifyDelegation 259
  Tspi_TPM_Delegate_ReadTables 259
  Direct Anonymous Attestation 260
  Tspi_TPM_DAA_JoinInit 262
  Tspi_TPM_DAA_JoinCreateDaaPubKey 263
  Tspi_TPM_DAA_JoinStoreCredential 264
  Tspi_TPM_DAA_Sign 264
  Tspi_TPM_DAA_IssuerKeyVerification 265
  Tspi_DAA_IssueSetup 265
  Tspi_DAA_IssueInit 266
  Tspi_TPM_DAA_VerifyInit 267
  Tspi_TPM_DAA_VerifySignature 267
  Tspi_TPM_DAA_RevokeSetup 268
  Tspi_TPM_DAA_ARDecrypt 268
  Locality 269
  PCRs—New Behavior 269
  NVRAM 270
  Commands 271
  Tspi_NV_DefineSpace 271
  Tspi_NV_ReleaseSpace 271
  Tspi_NV_WriteValue 272
  Tspi_NV_ReadValue 272
  Auditing Functions 273
  Tspi_TPM_SetOrdinalAuditStatus 273
  Tspi_TPM_GetAuditDigest 274
  Monotonic Counter 275
  Tspi_TPM_ReadCurrentCounter 275
  Tick Counter 276
  Tspi_TPM_ReadCurrentTicks 276
  Tspi_TPM_TickStampBlob 276
  SOAP 277
  Transport Session 277
  Tspi_Context_SetTransEncryptionKey 278
  Tspi_Context_CloseSignTransport 278
  Administrative and Convenience Functions 279
  Commands 279
  Tspi_TPM_CreateRevocableEndorsementKey 279
  Tspi_TPM_RevokeEndorsementKey 280
  Tcsi_Admin_TSS_SessionPerLocality 281
  Tcsi_Admin_TSS_MaxTimePerLocality 282
  Tspi_TPM_CheckMaintenancePolicy 282
  Tspi_Context_RegisterKey 283
  Tspi_Context_UnregisterKey 284
  Tspi_TPM_KeyControlOwner 284
  Tcsi_EnumRegisteredKeys 285
  Tspi_GetRegisteredKeyByUUID 285
  Tspi_Context_GetRegisteredKeyByPublicInfo 286
  Tspi_Context_GetRegisteredKeysByUUID 287
  Tspi_Context_GetRegisteredKeysByUUID2 287
  Tspi_EncodeDER_TssBlob 288
  Tspi_DecodeBER_TssBlob 289
  Example Program 289
  Summary 290
Part IV: Appendixes 291
Appendix A TPM Command Reference 293
Appendix B TSS Command Reference 303
Appendix C Function Library 321
Appendix D TSS Functions Grouped by Object and API Level 323
Index 333
David Challener went to work for IBM in East Fishkill after graduating with his Ph.D. in Applied Mathematics from the University of Illinois (Urbana-Champaign). After helping design the first TPM (representing IBM), he became chair of the TCG TSS committee. When the IBM PC division was sold to Lenovo, he became a Lenovo employee, where he has represented the company on the TCG Technical Committee, TPM workgroup, and many other groups, while continuing to chair the TSS committee. Currently he is the Lenovo Board Member for TCG.

Kent Yoder has been working for the IBM Linux® Technology Center since graduating from Purdue University with a degree in Computer Science in 2001. He has represented IBM on the TCG TSS committee and has helped write and maintain TrouSerS, an open-source TSS library that implements the TSS software specification for the TCG TPM hardware.

Ryan Catherman was a member of the Trusted Computing Group, including active memberships in the TSS and TPM working groups, while employed at IBM. He was also coauthor of the IBM implementation of Trusted Computing software at its inception and originator of Unix versions of this software. Currently, he works for Opsware Incorporated, a recent HP acquisition, and holds a master's degree in Computer Engineering.

David Safford is a researcher at IBM's T. J. Watson Research Center in Hawthorne, New York. There he has led security research in numerous areas, including ethical hacking, threat analysis, security engineering, intrusion detection sensors, vulnerability scanning, cryptography, and operating system security. Prior to coming to IBM in 1996, he was Director of Supercomputing and Networking at Texas A&M University, and an A-7 pilot in the United States Navy.

Leendert van Doorn is a Senior Fellow at AMD, where he runs the software technology office. Before joining AMD he was a senior manager at IBM's T.J. Watson Research Center, where he managed the secure systems and security analysis departments. He received his Ph.D. from the Vrije Universiteit in Amsterdam, where he worked on the design and implementation of microkernels. Nowadays his interests are in managed runtime systems, accelerated computing (AMD's name for heterogeneous and homogeneous manycore computing), security, and virtualization. In his former job at IBM he worked on FIPS 140-2 level 4 physically secure coprocessors, trusted systems, and virtualization. He was also actively involved in IBM's virtualization strategy, created and led IBM's secure hypervisor and trusted virtual data center initiatives, and was on the board of directors for the Trusted Computing Group. Despite all these distractions, he continued to contribute code to the Xen open-source hypervisor, such as the integrated support code for AMD-V and Intel® VT-x. When conference calls and meetings are getting too much for him, he is known to find refuge at CMU.