Goals and objectives
Trusted Computing (TC) aims at increasing the security of the core operating system (OS). This begins at the lowest level of the platform with a controlled loading of the operating system and continues level by level, verifying each level before proceeding to the next. Project development will be based on a hardware root of trust: a security hardware module that supports the integrity checks and stores keys and other data in a protected chip, referred to as the Trusted Platform Module (TPM). A secure hardware architecture is another prerequisite for the project; this will be developed outside the project by AMD and made available to it.

Making security a tangible and affordable enabling technology is of great importance for the deployment of a global security framework. The main challenges arise from the complexity of future computer usage in different environments. Entirely new areas of threat emerge from new societal applications: protecting all citizens against violations of ICT-related privacy, and handling authentication and identification, have become areas for which strategic research on security and trust is required. The framework and technology developed by OpenTC will empower European citizens to realise and exercise their right to informational self-determination when using trusted, secure and reliable ICT equipment. This fundamental capability is necessary to broaden the public use of ICT without the dangers and limitations posed by malware, tampered equipment, possible misuse and external attacks on systems that are increasingly the kernel of all future growth and economic development.

Specified objectives of the project

Given the existence of the trusted hardware and secure architecture, OpenTC will aim at the following three objectives:
By integrating these objectives it is possible to build new types of platforms with improved assurances for trust properties. Each work package and its content is dedicated to at least one of the specified objectives, and thus the objectives are specified, measurable and verifiable. Below they are described in detail and connected to the work packages addressing them.

The Challenge

It is generally assumed that we can control the actions performed by IT systems in both private and professional contexts. We expect our systems to be reliable and resilient to attacks, although there is no reason to take the trustworthiness of our IT systems for granted. Until recently, security was to be achieved by add-ons such as encryption or anti-virus software. Unfortunately, the ever-increasing complexity of IT has led to a regime of automated patch management that is beyond users' comprehension. Our trust is on trial on a daily basis due to viruses, worms, spyware and malware that can remotely control our computers. Much internal damage can arise from unauthorised data access and leakage, which may degrade a system over time. In response to these problems, an international standardisation group with the membership of all major computer and software companies, the Trusted Computing Group (TCG), was founded in 1999. Since then the group has been working on specifications for realising Trusted Computing on different platforms. Unfortunately, although the TCG standardised the security services of the hardware, it did not define an open standard for how to leverage this hardware to protect operating systems. TCG technology holds many promises to improve security-related aspects of future IT systems across the board, and it has been a matter of considerable public debate, particularly regarding its potential impact on Open Source software.
This project constitutes the first effort to show that Trusted Computing can be made compatible with open-source-based developments while enhancing their security. Given the important role of Open Source operating systems and software in Europe, it is of strategic importance that OSS is not cut off from the advantages offered by TCG mechanisms. The ambitious challenge of the project is to design and implement a layered system architecture with a TPM at its core that is capable of hosting Linux or other operating systems in protected compartments acting as policy domains.

The Solution

A number of fundamental issues of Trusted Computing can best be addressed by a group of interdisciplinary experts, whose joint expertise contributes to creating Trusted Computing solutions built on the best possible principles. A proprietary model is likely to mandate signed proprietary binaries to achieve this goal. An open architecture, on the other hand, is capable of supporting multiple implementations of such modules that provide equivalent functionality. Assuming a process of open security evaluation, the issue of software trustworthiness might be solved by OSS-based systems. Because the source code is available, OSS lends itself to peer review and inspection. Thus Trusted Computing will contribute to the strength of Open Source software. A combination of OSS and TC minimises the risk that Trusted Computing is used to the disadvantage of end consumers, as critical components could always be re-implemented. It also allows for a consensus-based design and development process that involves all relevant stakeholders as well as co-operation across national and economic boundaries. An open approach in this context means that the results of the project (design criteria, specifications and code examples) are made public to the interested community.
Until now only the results of the Trusted Computing Group's specification work on trusted platforms have been publicly available.

Complementary to the TCG specification

The task of the TCG is to define and standardise the lower system layers of a platform, in which hardware-based security features allow local centres of trust to be established. The work carried out by the TCG does not include the development of a Trusted OS, which makes it the most needed component. The project therefore supplements the TCG activities by developing Trusted Operating Systems, which are needed together with the trusted platform for a complete Trusted Computing system. In addition to the TCG specifications, this project will deliver the know-how and construction principles for processors and, especially, for a Trusted OS. Only if the TCG platform and our trusted OS are brought together and cooperate well will we have the system of trust and security that future systems and platforms require. OpenTC understands itself as an R&D and application project, as well as a training and teaching project for TC issues. Our target is to create specialised trusted kernel versions, components and applications that use and test the results of the aforementioned virtualisation cooperation from outside the project. It is our aim to gain new experience with applications as well as to take the next step toward TC applications on non-PC platforms. Therefore we will investigate and elaborate new user scenarios. The resulting technology and experience will then lead to new and improved standards that will shape the infrastructure specified by the TCG.
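The level-by-level verification that the Goals section builds on is the TPM's extend operation over a Platform Configuration Register (PCR). The following added illustration (not OpenTC project code) models that chain in software: each boot level is measured into a PCR before it gains control, a verifier replays the event log and compares the result with a known-good value, and a modified kernel image or a forged log is detected. The boot images and names are constructed sample data.

```python
import hashlib

PCR_INIT = b"\x00" * 32          # a PCR starts as all zeros at platform reset

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    # TPM extend: new PCR = H(old PCR || H(component)). The operation is
    # one-way and order-sensitive, so software can only accumulate
    # measurements; it can never set the register to a chosen value.
    return sha256(pcr + sha256(component))

def measured_boot(stages):
    # Each level measures the next one into the PCR before handing over
    # control and records the digest in an event log for later verifiers.
    pcr, event_log = PCR_INIT, []
    for name, image in stages:
        pcr = pcr_extend(pcr, image)
        event_log.append((name, sha256(image).hex()))
    return pcr, event_log

def replay_log(event_log):
    # A verifier recomputes the expected PCR from the event log alone.
    pcr = PCR_INIT
    for _, digest_hex in event_log:
        pcr = sha256(pcr + bytes.fromhex(digest_hex))
    return pcr

def verify_platform(pcr, event_log, golden_pcr):
    # Two checks: the log must be consistent with the hardware-held PCR,
    # and the PCR must equal the known-good value for the trusted chain.
    return replay_log(event_log) == pcr and pcr == golden_pcr

# Constructed stand-ins for a bootloader, kernel and initrd image.
GOOD_CHAIN = [("bootloader", b"bootloader image"),
              ("kernel", b"kernel image"),
              ("initrd", b"initrd image")]
GOLDEN_PCR, GOOD_LOG = measured_boot(GOOD_CHAIN)

def demo():
    # Same chain, but the kernel image was altered: the PCR diverges.
    tampered = [(n, img if n != "kernel" else b"kernel image (modified)")
                for n, img in GOOD_CHAIN]
    pcr_t, log_t = measured_boot(tampered)
    # Presenting the good log alongside the tampered PCR does not help
    # either: the log no longer replays to the value the chip reports.
    return (verify_platform(GOLDEN_PCR, GOOD_LOG, GOLDEN_PCR),
            verify_platform(pcr_t, log_t, GOLDEN_PCR),
            verify_platform(pcr_t, GOOD_LOG, GOLDEN_PCR))
```

`demo()` returns `(True, False, False)`: the untouched chain verifies, the modified kernel fails on the golden comparison, and the forged log fails on the replay check.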

