Dirk Kuhlmann, Arnd Weber
OpenTC has produced a succession of proof-of-concept prototypes (PoCs) as part of its technical work. Originally introduced in order to align all project partners towards a tangible goal and common direction, these PoCs quickly turned into vehicles for testing technical alternatives, validating theoretical concepts, guiding the direction of packaging and distribution, and showcasing the state of our work at reviews.
The production of PoC prototypes was not envisaged in OpenTC's initial work plan. Consequently, no deliverables had been defined to cover the related activities. We therefore took the decision to add a deliverable to WP02 that would be mainly dedicated to the PoC-specific parts of our work, which is the D02.4 document you are currently reading. We do not just describe the proof-of-concept prototypes, but use them as reference points to summarize the evolution of the OpenTC architecture with regard to components and capabilities. This document also allows us to elaborate on some investigations that were carried out during the final six months of the project and for which no written deliverable was foreseen in the original work plan.
This document should not be confused with the final reports for the last period and for the whole duration of the project, respectively. These reports were produced by the management work package WP01 and include a detailed overview of activities and achievements in all work packages. In contrast, this report focuses on the proof-of-concept prototypes, using them as reference points to describe the progress towards a generic architecture for trusted platforms and infrastructure. Other essential areas of OpenTC's work supporting specific aspects (e.g., validation, concrete applications, mobile and embedded platforms, and process organization) are therefore only mentioned in passing. It should be understood that this takes nothing away from their vital importance for the project's progress and success.
More information about the prototypes is available at http://www.opentc.net/, including URLs for downloading the code. As an introduction to the project's goals and achievements, the reader is invited to read the project's "OpenTC Final Report" compiled by WP01. Additional information on the three annual proof-of-concept prototypes [2,3,4], as well as on the other prototypes, is available in the project deliverables.
OpenTC's progress during 3½ years of research and development can best be appreciated by recalling its starting point. The project was conceptualized in 2004 in the midst of a controversial debate about Trusted Computing. Potential implications of this technology had initiated an intense public discussion that included official hearings at national and EU level. Critical voices dominated, and only a very small number of academic research institutes were prepared to get involved in a constructive scientific investigation of this area.
Regarding the use of virtualization for improving the security properties of computer platforms, some preceding scientific research on this topic was available, as the basic approach had been pursued more than a decade earlier. However, the Open Source hypervisors available to us in 2004 had been built without security as a main focus. Apart from empirical evidence ("it works in practice, so the mechanisms cannot be completely flawed"), there was little information available on the actual strength of their isolation mechanisms or on the quality of their code base. Little thought had been given to methodologies, techniques, and processes suitable for evaluating the large amounts of operating system code developed under the Open Source paradigm.
The first TPM-equipped business computers had only just become available. The trusted computing hardware, however, was only included on explicit customer demand, and there existed little, if any, technical support and expertise. Firmware support for trusted boot was limited, which did not matter much because there was no trusted boot loader either. Only rudimentary driver support was available for Linux, and there were no tools for interfacing with the Trusted Platform Module. Trusted Computing application programming interfaces for Linux were in their infancy.
The project's goal was to research and implement components for an Open Trusted Computing framework based on technology defined by the Trusted Computing Group (TCG) and on operating system virtualization techniques. Its general aim was to combine low-level mechanisms for the isolation of data and execution environments, configuration measurement, and attestation in order to enhance the trust and security properties of standard operating systems, middleware, and applications. The general architecture and, where possible, the individual components of the framework should be applicable to a variety of platform types. Supporting Linux in particular, the practical work addressed security-enhanced OS architectures, the related protocols and software, and applications using TC technology.