Dirk Kuhlmann, Arnd Weber

Open Trusted Computing
D02.3 Requirements Definition and Specification

European Commission, Brussels 2008
[Full text/pdf / 1.318 kb]   [Table of contents]  

The goal of OpenTC is to define and implement an open Trusted Computing framework. This framework builds on the cost efficient and widely deployed "Trusted Platform Module" (TPM) specified by the Trusted Computing Group (TCG) and the new generation of x86 CPUs from AMD and Intel. Main software components of OpenTC are Open Source operating systems and software, supporting Linux in particular.

The architecture is based on security mechanisms provided by low level operating system layers, with isolation properties interfacing the Trusted Computing hardware. These layers make is possible to utilize enhanced trust and security properties for operating systems, middleware, and applications. The suggested architecture is expected to be applicable to different platform types such as servers, workstations and embedded systems.

This document gives an overview of context information, requirements, and high level specifications guiding the direction of OpenTC. Following this introduction, we present results of a small, consortium-internal survey on Trusted Computing. It was conducted to document views and opinions, to share them between the various partners of this large project, and to highlight potential issues to be taken into account during the design phase. The survey provides a context to consider characteristics of potential application scenarios and to discuss implications for the future dialog between the project and the outside world.

In chapter 4, we present the results of a media analysis on the perception of Trusted Computing by the start of the project. Drawing from a variety of sources, we outline and comment major points of discussion that were raised during the public debate. Where possible, we give recommendations on how to address these concerns in OpenTC's design and implementation. Using these results and input from consortium partners, we make suggestions for an application scenario that concerns the protection of electronic transactions of private end-users in their role as consumers.

Application scenarios and use cases have a dual role in OpenTC. On the one hand, they are starting points for determining necessary and desirable features of the overall architecture. On the other hand, they serve as the context to validate project results. Substantial effort has been spent in the first months of the project on investigating suitable application scenarios and defining corresponding use cases. A summarizing description of three use cases can be found in chapter 5. They address recommendations from chapter 4. In addition, they address datacenter and server environments, and enhanced trust and security properties of remote corporate computers connected to corporate networks via the Internet.

The remainder of this report is dedicated to requirements and high level specifications. We outline the structure and interdependencies of OpenTC activities and give a motivation and overview of the general architecture. The following chapters document requirements (Workpackage 2) and high level specifications for each of the technical Workpackages 3 to 8 (Workpackage 1 addresses management, Workpackages 9 and 10 address distribution and dissemination of results).

Determining requirements and specification is a continuous activity. Current findings will be extended and improved, and it is planned to update this report during the course of the project. Public documents that aim to obtain feedback from the interested public are expected to use updated and refined versions of this report as a starting point. This document is the final version of the high-level specification. Detailed up-to-date specifications will be made available on the project server.