[Cloud Computing] Mechanisms: Trusted Platform Module
Source: Internet. Published: spool data export. Editor: 程序博客网. Time: 2024/05/18 03:33
Trusted Platform Module
A trusted platform module (TPM) is a tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations, such as key generation, and protect small amounts of sensitive information, such as passwords, measurement data for boot software and cryptographic keys. The TPM is used to store platform measurements that help ensure that the platform remains trustworthy. Authentication and attestation are necessary steps to attain trust to a policy-specified level of security assurance.
Figure 1 - An example of a trusted platform module as part of the resource’s hardware.
The compute platform must have a root of trust for measurement (RTM) that is implicitly trusted to provide an accurate validation of the boot code modules. The TPM provides a root of trust for reporting and a root of trust for storage for the RTMs. The TPM contains a set of registers that hold RTM measurements for the launch modules of the boot software. The TPM uses an attestation identity key to sign messages to an attestation service, which must validate both the signature and the register contents.
The TPM stores a set of "known good" measurements of boot components that are securely generated and stored. The attestation service stores the results of the platform trusted boot reported by the TPM. Maintenance of the known good measurements for different hypervisors, operating systems and various BIOS software and ensuring they are protected from tampering and spoofing is critical. For instance, based on security requirements, remote BIOS flashing should be disabled and separation of duties (SOD) by multiple administrators should be employed to establish a reasonable level of security assurance.
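The measurement and attestation flow described above can be sketched as follows. This is an added example, not code from the original page: the component names, key, nonce and function names are constructed for illustration, the known-good table is held by the verifier, and an HMAC stands in for the asymmetric attestation identity key signature.

```python
import hashlib, hmac

def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # Register extend: new value = SHA-256(old value || measurement digest)
    return hashlib.sha256(pcr + digest).digest()

def boot(components, aik_key: bytes, nonce: bytes) -> dict:
    """Platform side: measure each module in launch order, then report."""
    pcr, log = bytes(32), []
    for name, blob in components:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    # Assumption: HMAC stand-in for the AIK signature over nonce and register
    sig = hmac.new(aik_key, nonce + pcr, hashlib.sha256).digest()
    return {"pcr": pcr, "log": log, "sig": sig}

def attest(quote: dict, known_good: dict, aik_key: bytes, nonce: bytes) -> str:
    """Attestation service: validate signature, then register contents."""
    expected = hmac.new(aik_key, nonce + quote["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["sig"]):
        return "bad signature"
    pcr = bytes(32)
    for _, digest in quote["log"]:      # replay the reported event log
        pcr = extend(pcr, digest)
    if pcr != quote["pcr"]:
        return "event log does not match register"
    for name, digest in quote["log"]:   # compare with known-good measurements
        if known_good.get(name) != digest:
            return f"untrusted component: {name}"
    return "trusted"

# Constructed sample data (hypothetical boot chain, key and nonce)
KEY, NONCE = b"constructed-demo-aik", b"constructed-nonce-01"
GOOD_BOOT = [("bios", b"bios v1"), ("bootloader", b"loader v2"),
             ("hypervisor", b"hv v3")]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD_BOOT}

def demo() -> list:
    clean = boot(GOOD_BOOT, KEY, NONCE)
    changed = [GOOD_BOOT[0], ("bootloader", b"loader v2 modified"), GOOD_BOOT[2]]
    tampered = boot(changed, KEY, NONCE)
    edited = dict(clean, log=clean["log"][:2])  # log altered after boot
    return [attest(q, KNOWN_GOOD, KEY, NONCE) for q in (clean, tampered, edited)]
```

Because each register value depends on every earlier measurement, a changed boot module or an edited event log both surface at the attestation service, and binding the signature to a fresh nonce makes a replayed report fail the signature check.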
Related Patterns:
- Cloud Storage Data Placement Compliance Check
- Geotagging
- Hypervisor Protection
- Trust Attestation Service
- Trusted Cloud Resource Pools
- Trusted Platform BIOS