A Secure and Reliable Bootstrap Architecture：一种安全可靠的自举架构.ppt

A Secure and Reliable Bootstrap Architecture - AEGISWilliam A. ArbaughDavid J. FarberJonathan M. SmithPresented by Vytautas ValanciusClaims?Secure bootstrap will work modity hardware?Failed software will be restored?Boot process is guaranteed to end up in secure state?BIOS is promised?There is signature for ponent in a system?ponent is able to check its children?There is connectivity to work hostAssumptionsSecure Boot Process?Level 0 is trusted?Level n checks Level n+1?Level n needs to store hashes for Level n+1?Level n does not check Level n-1!Flaws (or Features?)?Level n does not check Level n-1–User trusts the hardware but how about OS??Why asymmetric keys are not used??How do we manage hashes?–How do we make such management secure??How do we work recovery secure??Where do we go next?puting Platform?Explored by Michael a week ago?PKI has taken a tangible role?Level n checks Level n-1?Uses:–Sealing, Binding?Windows Vista Bitlocker, Linux Enforcer–Remote Attestation?Microsoft Next-Generation puting puting?Possible uses:–MS Office can encrypt your files?So that only trusted software can open them–Data sent by you is read only by trusted entities?Or entities that your employer trusts–Content can be revoked ?Injunctions can be eas