OpenTC Newsletter
June 2007

From the Open Trusted Computing (OpenTC) research project, sponsored by the European Union.


In this issue:

Editorial: Why this newsletter?

By: Arnd and Dirk Weber, ITAS, Forschungszentrum Karlsruhe, Germany

Dear reader,

Welcome to the first newsletter of the Open Trusted Computing (OpenTC) project. It was created to inform the interested public about downloadable prototypes, project achievements and other up-to-date information, and it is meant as a mean to start discussions about the underlying issues. We aim to publish this newsletter irregularly during the course of the project.

The Open Trusted Computing (OpenTC) project aims at building a secure hypervisor, using Trusted Computing (TC) technologies. In other words, OpenTC aims at creating a hypervisor for the virtualisation of hardware used by operating systems that are running in different compartments and in parallel, on top of the hypervisor. These compartments, including the hypervisor, are secured using the Trusted Platform Module (TPM). In such an environment, operating systems such as Linux and Windows will be able to run in strongly isolated compartments. Inside the compartments, applications may use TC or not - it will be for the user to choose. The source code of the hypervisor will be published as Open Source Software in order to be transparent, and show to the public what the hypervisor does and how it achieves it.

In this first issue of the OpenTC newsletter, the first article provides a short overview of the project objectives, written by the project leader Dirk Kuhlmann. A larger high level overview of the project is available on the project website: http://www.opentc.net/index.php?option=com_content&task=view&id=14&Itemid=29

The second article, written by Arnd Weber, is a report about one of the first Trusted Computing conferences, that took place in Berlin in October 2006. It provides an overview of some TC applications and highlights some of the key issues debated by the audience.

At the end of the newsletter, we provide two lists of publications that are now available on the OpenTC website. One is a list of consortium "deliverables". These are documents that have been delivered by the OpenTC consortium to the European Commission. A list of scientific publications written by project members is also given. Some of these papers can also be found on the project website, while others are available in journals and in conference proceedings.

About the authors: Arnd and Dirk Weber work with the Institute for Technology Assessment and Systems Analysis (ITAS) at Forschungszentrum Karlsruhe, Germany. They work on requirements and dissemination activities of the OpenTC project.

Contact: {arnd, dirk}.weber at itas.fzk.de


OpenTC - an open approach to trusted virtualisation

By: Dirk Kuhlmann, Hewlett Packard Laboratories, Bristol, UK

Editor's note: This article was originally published in the INDICARE Monitor, a newsletter of the EU-project INDICARE (INformed DIalogue about Consumer Acceptability of DRM Solutions in Europe), on January 2, 2006, licensed under Creative Commons (http://www.indicare.org/tiki-read_article.php?articleId=183).

Introduction

The advent of "Trusted Computing" (TC) technology as specified by the Trusted Computing Group (cf. references) has not met much enthusiasm by the Free/Open Source Software (FOSS) and LINUX communities so far. Despite this fact, FOSS based systems have become the preferred vehicle for much of the academic and industrial research on Trusted Computing. In parallel, a lively public discussion between proponents and critics of TC has dealt with the question of whether the technology and concepts put forward by the TCG are compatible, complementary or potentially detrimental to the prospects of open software development models and products.

Common misconceptions of TC technology are that it implies or favours closed and proprietary systems, reduces options of using arbitrary software, or remotely controls users' computers. It has long been argued, though, that these and similar undesirable effects are by no means unavoidable, not least because the underlying technology is passive and neutral with regard to specific policies. The actual features displayed by TC equipped platforms will almost exclusively be determined by the design of the operating systems and software running on top of it. With appropriate design, implementation and validation of trusted software components, and by using contractual models of negotiating policies, negative effects can be circumvented while improving the system's trust and security properties. This is the intellectual starting point of the EU-supported, collaborative OpenTC research and development project that started in November 2005.

Combining FOSS and TC technology

OpenTC aims to demonstrate that a combination of TC technology and FOSS has several inherent advantages that are hard to meet by any proprietary approach. Enhanced security at the technical level tends to come at the expense of constraining user options, and the discursive nature of FOSS-development could help to find the right balance here. Trusted software components have to be protected from analysis during runtime, so it is highly desirable that their design is documented and that the source code is available to allow for inspection and validation. Finally, any attempts to introduce TC technology are likely to fail without the buy-in of its intended users, and openness could prove to be the most important factor for user acceptance.

OpenTC sets out to support cooperative security models that can be based on platform properties without having to assume the identifiability, personal accountability and reputation of platform owners or users. For reasons of privacy and efficiency, these models could be preferable to those assuming adversarial behaviour from the outset. A policy model based on platform properties, however, requires reliable audit facilities and trustworthy reporting of platform states to both local users and remote peers. The security architecture put forward by the TCG supplies these functions, including a stepwise verification of platform components with an integral, hardware-assisted auditing facility at its root. In OpenTC, this will be used as a basic building block.

Trusted virtualisation and protected execution environments

The goal of the OpenTC architecture is to provide execution environments for whole instances of guest operating systems that communicate to the outside world through reference monitors guarding their information flow properties. The monitors kick into action as soon as an OS instance is started. Typically, the policy enforced by a reference monitor should be immutable during the lifetime of the instance: it can neither be relaxed through actions initiated by the hosted OS nor overridden by system management facilities. In the simplest case, this architecture will allow two independent OS instances to be run, with different grades of security lock-down on an end user system. Such a model, with an unconstrained "green" environment for web browsing, software download and installation, and a tightly guarded "red" side for tax record, banking communications etc., has recently been discussed by Carl Landwehr (2005). More complex configurations are possible and are frequently needed in server scenarios.

OpenTC is borrowing from research on trusted operating systems that goes back as far as 30 years. The underlying principles - isolation and information flow control - have been implemented by several security hardened versions of Linux, and it has been demonstrated that such systems can be integrated with Trusted Computing technology (see e.g. Maruyama et al. 2003). However, the size and complexity of these implementations is a serious challenge for any attempt to seriously evaluate their actual security properties. The limited size of developer communities, and difficulties of understanding and complexity of managing configurations and policies, continue to be road blocks for the deployment of trusted platforms and systems on a wider scale.

Compared to full-blown operating systems, the tasks of virtualisation layers tend to be simpler. This should allow OpenTC to reduce the size of the Trusted Computing Base. The architecture separates management and driver environments from the core system and hosted OS instances. They can either be hosted under stripped-down Linux instances, or they can run as generic tasks of the virtualisation engines. The policy enforced by the monitors is separated from decision and enforcement mechanisms. It is human readable and can therefore be subjected to prior negotiation and explicit agreement.

OpenTC chose (para-)virtualisation as the underlying architecture for a trusted system architecture, which allows standard OS distributions and applications to be run side by side with others that are locked down for specific purposes. This preempts a major concern raised with regard to Trusted Computing, namely, that TC excludes components not vetted by third parties. The OpenTC architecture allows the imposing of constraints on components marked as security critical, while unconstrained components can run in parallel.

OpenTC builds on two virtualisation engines: XEN and L4. Both are available under FOSS licenses and are boosted by active developer and user communities. Currently, it is necessary to compile special versions of Linux that cooperate with the underlying virtualisation layer. However, the development teams will improve their architectures to also support unmodified, out-of-the-box distributions. This will be simplified by hardware support for virtualisation as offered by AMD's and INTEL's new CPU generations. Prototypic results have shown that this hardware support could also allow hosting unmodified operating systems other than Linux (see e.g. Shankland 2005).

From trusted to trustworthy computing

TCG hardware provides basic mechanisms to record and report the startup and runtime state of a platform in an extremely compressed, non-forgeable manner. It allows the creation of a digitally signed list of values that correspond to elements of the platform's Trusted Computing Base. In theory, end users could personally validate each of these components, but this is not a practical option. End users may have to rely on other parties to evaluate and attest that a particular set of values corresponds to a system configuration with a desired behaviour. In this case, their reason to trust will ultimately stem from social trust users put in statements from specific brands, certified public bodies, or peers groups.

A much discussed dilemma arises if trusted components become mandatory prerequisites for consuming certain services. Even if such components are suspicious to the end user, they might still be required by a provider. This problem is particularly pronounced if named components come as binaries only and do not allow for analysis. The recent history of DRM technology has shown that trojans can easily be inserted under the guise of legitimate policy enforcement modules. Clearly, a mechanism that enforces DRM on a specific piece of content acquired by a customer must not assume an implicit permission to sift through the customer's hard disk and report back on other content.

This highlights an important requirement for components that deserve the label "trusted": at least in principle, it should be possible to investigate their actual trustworthiness. A clearly stated description of function and expected behaviour should be an integral part of their distribution, and it should be possible to establish that they do not display behaviour other than that stated in their description - at compile time, runtime, or both. A socially acceptable approach to Trusted Computing will require transparency and open processes. In this respect, a FOSS based approach looks promising, as it might turn openness into a crucial competitive advantage.

The TCG specification is silent on procedures or credentials required before a software component can be called "trusted". OpenTC works on the assumption that defined methodologies, tools, and processes to describe goals and expected behaviour of software components are needed. In this way, it will become possible to check whether their implementation reflects (and is constrained to) their description. Independent replication of tests may be required to arrive at a commonly accepted view of a component's trustworthiness, which in turn requires accessibility of code, design, test plans and environments for the components under scrutiny.

Trust, risk, and freedom

Most of us have little choice but to trust IT systems where more and more things can go wrong, while our actual insight into what is actually happening on our machines gets smaller by the day. Users are facing a situation of having to bear full legal responsibility for actions initiated on or by their machines while lacking the knowledge, tools and support to keep these systems in a state fit for purpose. Due to the growing complexity of our technology, we will increasingly have to rely on technical mechanisms that help us to estimate the risk prior to entering IT based transactions. Enhanced protection, security and isolation features based on TCG technology will become standard elements of proprietary operating systems and software in due time.

This evolution is largely independent of whether FOSS communities endorse or reject this technology. OpenTC assumes that mutual attestation of the platforms' "fitness for purpose" will become necessary for proprietary systems as well as FOSS based ones. The absence of comparable protection mechanisms for non-proprietary operating or software systems will immediately create problems for important segments of professional Linux users. In fact, many commercial, public or governmental entities have chosen non-proprietary software for reasons of transparency and security. These organizations tend to be subjected to stringent compliance regulations requiring state-of-the-art protection mechanisms. If FOSS based solutions do not support these mechanisms, the organizations could eventually be forced to replace their non-proprietary components with proprietary ones: a highly undesirable state of affairs that OpenTC might help to avoid.

From this perspective, the current discussion about the next version of the GNU public license raises serious concerns. Some of the suggested changes could impact on the possibility of combining Trusted Computing technology and Free Software licensed under GPLv3 - this refers to the GPLv3 Draft, status 2006-02-07 16:50 (cf. references). Section 3 of this draft concerns Digital Restrictions Management, a term that has been used by Richard Stallman in discussions about Trusted Computing. For example, the current draft excludes "modes of distribution that deny users that run covered works the full exercise of the legal rights granted by this License". It is an open question whether this might apply to elements of a security architecture such as OpenTC. A Trusted Computing architecture does not constrain the freedom of copying, modifying and sharing works distributed under the GPL. However, it can constrain the option of running modified code as a trusted component, since previously evaluated security properties might have been affected by the modifications. Unless a re-evaluation is performed, the properties of modified versions cannot be derived from the attestation of the original code; security assurances about the original code become invalid.

This is by no means specific to the Trusted Computing approach; it also applies to commercial Linux server distributions with protection profiles evaluated according to the Common Criteria. The source code for the distribution is available, but changing any of the evaluated components results in loss of the certificate. Whether or not software is safe, secure, or trustworthy is independent of the question of how it is licensed and distributed. The option to choose between proprietary and FOSS solutions is an important one and should be kept open. This is one of the reasons why several important industrial FOSS providers and contributors are participating in OpenTC. The project aims at a practical demonstration that Trusted Computing technology and FOSS can complement each other. This is possible in the context of the current GPLv2. Whether it will be so under a new GPLv3 remains to be seen.

References: Disclaimer
The content of this paper is published under the sole responsibility of the author. It does not necessarily reflect the position of HP Laboratories or other OpenTC members.

About the author:
Dirk Kuhlmann is a senior research engineer for Hewlett Packard Laboratories in Bristol, UK, where he works as a member of the Trusted Systems Laboratory. He acts as the overall technical lead for the OpenTC project.

Contact: dirk.kuhlmann at hp.com


Report from the conference "The World of Trusted Computing - Hightech in Europe", Berlin, Germany, October 19-20, 2006

By Arnd Weber, ITAS, Forschungszentrum Karlsruhe, Germany

The German Federal Ministry of Economics and Technology, together with Ruhr-Universitaet Bochum and ISITS (International School of IT Security), organised a conference on the needs of European public and private organisations regarding Trusted Computing (TC) and the future of this global initiative. The conference took place in October 2006 and was sponsored by Hewlett Packard, Sirrix Security Technologies, Computer-Zeitung (a German computer magazine) and Linux Magazin. It was organised in the Ministry's spacious facilities of the former Kaiser Wilhelm-Akademie for military physicians, and was chaired by Ahmad-Reza Sadeghi from Ruhr-Universitaet Bochum (Germany). 85 participants from Europe, Japan, Israel and USA discussed over two days a variety of issues related to TC and its deployment. It is outside the scope of this report to provide a detailed review of the content of all of the 18 talks that were given by speakers from Germany, Belgium, Japan, UK, and US. Instead, three key aspects of the discussions will be highlighted in this article.

The first significant aspect developed during the conference is the high level of security provided by the combination of new processor architectures together with TC technology. David Grawrock from Intel, the originator and editor of the TCG's Best Practices Paper, spoke about the security of the new Intel architecture, formerly referred to as Intel LaGrande Technology and now called Trusted Execution Technology, which contributes to the provision of a trusted platform environment. David Grawrock explained that the new processor architecture (similar to OpenTC partner AMD's AMD-V architecture, formerly called "Pacifica") is aimed at a strict separation of the system kernel and applications by supporting the new virtualisation technology. By making use of TC technology, the new processors should be capable of providing virtualisation similar to mainframe computer task separation. Additionally, the new Intel processors will contain a special functionality block (together with a separate dedicated memory cache module) for measuring code and data structures, one of the main functions in the TCG standards that is currently implemented in the Trusted Platform Module (TPM). Using this architecture, security attacks such as Trojan horses mentioned by Udo Helmbrecht, President of the German Federal Office for Information Security, can hopefully be prevented.

A second aspect discussed during the conference is the topic of the applications of Trusted Computing. The applications mentioned by the speakers can be grouped as follows: A third group of issues debated at the conference comprises open questions raised by the speakers and the participants, such as: Is the debate over Trusted Computing over? Well, if people with differing views such as Peter Biddle from Microsoft and Seth Schoen from the Electronic Frontier Foundation can openly discuss the underlying issues, one can believe that progress is taking place. The number of useful applications as well as the mood of the discussion suggests that the debates have become more objective and less polemical. However, the open issues and the possibility of charging more for software and content by using TC technology means that the topic of Trusted Computing will remain on the agenda, from technical but also political and economic perspectives. Jacques Bus from the European Commission demanded the continuation of the dialogue with all stakeholders.

References: About the author:
Arnd Weber works with the Institute for Technology Assessment and Systems Analysis (ITAS) at Forschungszentrum Karlsruhe, Germany. He acts as editor of this newsletter and leads the work on requirements in the OpenTC project.

Contact: arnd.weber at itas.fzk.de


OpenTC publications available

The OpenTC project has produced several documents related to its various activities. These include public deliverables and scientific publications.

Public deliverables

You can access the public deliverables from the OpenTC project via this webpage: http://www.opentc.net/index.php?option=com_content&task=view&id=27&Itemid=41

The following deliverables are available: Scientific publications

Scientific publications of the project are listed on this webpage: http://www.opentc.net/index.php?option=com_content&task=view&id=27&Itemid=41

Among the scientific publications you can find:

Edited by the Institute for Technology Assessment and Systems Analysis, Forschungszentrum Karlsruhe, Germany, on behalf of the OpenTC research project consortium, in co-operation with all partners. Editor: Arnd Weber, Forschungszentrum Karlsruhe GmbH, ITAS, Hermann-von-Helmholtz-Platz 1, D-76344 Eggenstein-Leopoldshafen, Telephone: + 49 7247 82 3737.
Contact: editor at opentc.net

Disclaimer: The views and opinions expressed in the articles do not necessarily reflect those of the European Commission and the consortium or partners thereof. All articles are regarded as personal statements of the authors and do not necessarily reflect those of the organisation they work for.

The OpenTC-project is a research project supported by the European Commission, project IST-027635. Its 23 partners are: Technikon Forschungs- und Planungsgesellschaft mbH (project coordination, AT); Hewlett-Packard Ltd (technical leader, UK); AMD Saxony LLC & Co. KG (DE); Budapest University of Technology and Economics (HU); Commissariat à l'Énergie Atomique - LIST (FR); COMNEON GmbH (DE); Forschungszentrum Karlsruhe GmbH - ITAS (DE); Horst Goertz Institute for IT Security, Ruhr-Universitaet Bochum (DE); IBM Research GmbH (CH); Infineon Technologies AG (DE); INTEK Closed Joint Stock Company (RU); ISECOM (ES); Katholieke Universiteit Leuven (BE); Politecnico di Torino (IT); Portakal Teknoloji (TR); Royal Holloway, University of London (UK); SUSE Linux Products GmbH (DE); Technische Universitaet Dresden (DE); Technische Universitaet Graz (AT); Technische Universitaet Muenchen (DE); Technical University of Sofia (BR); TUBITAK - UEKAE (TR); and University of Cambridge (UK).

For more information about the project, see: http://www.opentc.net

Feedback to the consortium: http://www.opentc.net/feedback

Archive of newsletters: http://www.opentc.net/newsletter

Subscription: To subscribe or unsubscribe to the newsletter, write an email to or .