Conference: IEEE Military Communications Conference

ARMing the Trusted Platform Module pro-active system integrity monitoring focussing on peer system notification


Abstract

The concept of Trusted Computing offers a hardware platform based on which the integrity of IT systems is verified using a structured file-based signature hierarchy of all executable system components - from BIOS boot up to the execution of any user application. Current implementations detect integrity breaches at firmware and at file level so that suitable countermeasures on a Trusted Computing system may be taken in almost real time. This information - so far - either remains stored locally or, in the best case, is forwarded at application layer, leaving enough time for smart malware to infect a peering system or to compromise application-level communication. This paper introduces a new pro-active concept of integrity monitoring and reporting using the Trusted Platform Module to supervise the integrity of a system, focusing on incident reporting to peering systems at link layer. For this concept we suggest the enhancement of the Trusted Platform Module by a new Attack Recognition Module to monitor a system in real time and to reliably notify peering systems about any integrity breach detected.