General activities of OpenTC
A core idea of OpenTC is to combine the security properties of TC hardware with the isolation properties of virtualisation in order to build trusted platforms. At the lowest level, TC mechanisms are provided by hardware (by the Trusted Computing Module and state-of-the-art CPUs). The Trusted Computing philosophy dictates that security has to be built bottom up, requiring the translation of trust properties from lower layers to those of higher ones.

(Figure: Overview of OpenTC)

Leveraging hardware TC mechanisms for boot loaders and operating systems is the scope of workpackage 3 (WP03, Basic Interfaces and Trust Layers). This activity includes the development of a basic driver and software stack for Linux, L4, and Xen. Additionally, TC functions are made available at the application level via PKCS#11. Third, standard cryptographic protocols (SSL and SSH) are integrated with TC mechanisms. Lastly, WP03 addresses how to interface the new isolation mechanisms provided by the CPU and I/O interfaces with trusted operating system layers.

The design and implementation of such layers is the goal of workpackage 4 (Trusted OS development). OpenTC will demonstrate that a common set of basic Trusted Computing mechanisms can be provided in an OS-independent way. We will produce implementations for the Xen and L4 virtualisation layers with a common management interface. The basic management interface developed in this workpackage will support mechanisms that can be used for remote management, and the TC-integrated protocols developed in WP03 will allow this to be done securely.

The challenges of how to operate and manage collections or clusters of trusted platforms will be addressed in workpackage 5 (Security Management and Infrastructure). Its main activities concern methods and protocols for remote attestation of trusted OS kernels; policy, configuration and network management; and a key management infrastructure. WP05 is driven by needs that are particularly important for utility computing, GRID-like scenarios and service hosting. However, we expect that many of its results will be applicable to other platform types such as corporate workstations or mobile appliances.

Workpackage 6 (Test/Prototype Applications for Proof-of-Concept and Use Examples) aims at producing proof-of-concept prototypes that exploit low-level trust mechanisms at the application level for five carefully chosen application scenarios. These include a DRM solution for multimedia based on the MPEG-21 Rights Expression Language, a message exchange infrastructure for TC, a proof-of-concept of a trusted-platform WYSIWYS ('What You See Is What You Sign') application, a TC-based Encrypted File Service, and multi-factor authentication to local and remote computers.

Workpackage 8 (Trusted Computing for embedded controllers and mobile phones) targets TC use in mobile and embedded devices. WP08 will provide a proof-of-concept for porting one of the trusted OS layers (L4) to a mobile phone base-band controller, exploiting results from all workpackages mentioned before. The singular importance of mobile technology for Europe is accounted for by developing trust and security profiles that reflect the specifics of this application type, and by a thorough investigation of market and standardisation requirements in this area.

A core question of Open Trusted Computing is: how can we arrive at an educated decision about whether a software component should be trusted? If we assume that we can successfully implement our design, how can we convince ordinary users that our trusted platform is indeed fit for purpose and trustworthy? Trusted Computing makes this problem particularly important. Workpackage 7 (Software development support, quality evaluation and certification) investigates the effort necessary to ensure trustworthiness in an officially endorsed way (Common Criteria certification). As a complementary effort, we will explore whether an open methodology (ISECOM's Open Source Security Testing Methodology) can give guidance to designers, implementers, and independent evaluators. Third, we will exploit the practical experience of partners who have certified Open Source software in the past.

The remaining work packages have important supportive functions for the overall success of the proposed project. The relevance, applicability and acceptance of the designs and solutions developed have to be tested against market needs, compatibility with existing solutions, and general acceptance. Consequently, Workpackage 9 (Distribution) addresses these questions from the perspective of a commercial distributor of Open Source software with excellent links to customers as well as developer communities. WP10 (Dissemination, Exploitation & Training) is responsible for standardisation, dissemination & exploitation, and training (included by seven out of 23 partners as part of their activities). Due to the complexity of the overall project, WP02 (Basic specification, general and legal requirements) has been set up to support the technical lead by gathering requirements and by analysing, on an ongoing basis, the non-technical context factors that are crucial for the success chances of the overall project. Finally, WP01 (Project management) deals with issues of practical and technical project management.
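The bottom-up translation of trust described at the start of this page, and the remote attestation of OS kernels that WP05 is concerned with, rest on one hardware primitive: a platform configuration register that can only be extended, never rewritten, so that every layer's measurement of the next layer is folded into a single value a remote verifier can check. The following is an added illustration written for this page, not OpenTC project code: it models the PCR extend operation and an attestation check in plain Python. The boot chain, the digests, the `quote` function and the HMAC attestation key are constructed stand-ins for real firmware and TPM calls (a real TPM signs quotes with an asymmetric attestation identity key; HMAC is used here only to keep the example self-contained).

```python
"""Toy model of a bottom-up chain of trust and remote attestation.

Added example, not code from the OpenTC project. Each layer measures
the next before handing over control and extends the measurement into
a PCR; a verifier replays the event log against a known-good reference.
All layer contents and keys below are constructed sample values.
"""
from __future__ import annotations

import hashlib
import hmac
from typing import Iterable, Sequence

PCR_SIZE = 32  # SHA-256 PCR bank, all zeros at reset

# Constructed boot chain: (layer name, bytes of the code as loaded).
BOOT_CHAIN: Sequence[tuple[str, bytes]] = (
    ("firmware", b"firmware v1.0 (constructed)"),
    ("bootloader", b"bootloader v2.3 (constructed)"),
    ("hypervisor", b"xen-or-l4 hypervisor (constructed)"),
    ("kernel", b"guest kernel (constructed)"),
)


def measure(code: bytes) -> bytes:
    """Digest of a component, taken by the layer that loads it."""
    return hashlib.sha256(code).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || digest).

    Order-sensitive and one-way, so a higher layer cannot erase what
    the lower layers recorded about it.
    """
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(chain: Iterable[tuple[str, bytes]]) -> tuple[bytes, list[tuple[str, str]]]:
    """Boot through the chain; return the final PCR and the event log."""
    pcr = bytes(PCR_SIZE)
    log: list[tuple[str, str]] = []
    for name, code in chain:
        digest = measure(code)
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def quote(pcr: bytes, nonce: bytes, attestation_key: bytes) -> bytes:
    """Stand-in for a TPM quote: binds the PCR value to a verifier nonce."""
    return hmac.new(attestation_key, pcr + nonce, hashlib.sha256).digest()


def verify_attestation(reference_chain, event_log, pcr_reported, nonce, sig, attestation_key) -> tuple[bool, str]:
    """Remote verifier: check freshness, log integrity, then the reference."""
    # 1. The quote must cover the reported PCR and this verifier's nonce.
    if not hmac.compare_digest(quote(pcr_reported, nonce, attestation_key), sig):
        return False, "quote signature invalid or replayed"
    # 2. Replaying the event log must reproduce the PCR the TPM signed;
    #    a host that lies about its log cannot also produce a matching PCR.
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in event_log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    if pcr != pcr_reported:
        return False, "event log does not reproduce reported PCR"
    # 3. Every layer must match the known-good measurement, in order.
    expected = [(name, measure(code).hex()) for name, code in reference_chain]
    if len(expected) != len(event_log):
        return False, "event log length mismatch"
    for (exp_name, exp_digest), (log_name, log_digest) in zip(expected, event_log):
        if exp_name != log_name or exp_digest != log_digest:
            return False, f"unexpected measurement for layer {log_name}"
    return True, "platform matches reference configuration"


def run_demo() -> dict[str, tuple[bool, str]]:
    """Genuine boot, a modified kernel, and a host reporting a forged log."""
    ak = b"constructed attestation key"  # stands in for the TPM's attestation key
    nonce = b"verifier-nonce-0001"

    pcr, log = measured_boot(BOOT_CHAIN)
    genuine = verify_attestation(BOOT_CHAIN, log, pcr, nonce, quote(pcr, nonce, ak), ak)

    modified_chain = list(BOOT_CHAIN)
    modified_chain[3] = ("kernel", b"guest kernel, modified (constructed)")
    pcr_mod, log_mod = measured_boot(modified_chain)
    tampered = verify_attestation(BOOT_CHAIN, log_mod, pcr_mod, nonce, quote(pcr_mod, nonce, ak), ak)

    # Same modified platform, but it reports the reference log instead of its own.
    forged_log = verify_attestation(BOOT_CHAIN, log, pcr_mod, nonce, quote(pcr_mod, nonce, ak), ak)

    return {"genuine": genuine, "tampered": tampered, "forged_log": forged_log}


if __name__ == "__main__":
    for case, (ok, reason) in run_demo().items():
        print(f"{case:10s} -> {'OK ' if ok else 'FAIL'} ({reason})")
```

The three cases show why the ordering of the verifier's checks matters: the modified kernel is caught by the reference comparison, while the forged log is caught one step earlier, because the TPM only ever signs the PCR that was actually extended and a one-way extend cannot be rewound to fit a different log.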