Design for Sensing the Boot Type of a Trusted Platform Module Enabled Computer.

摘要

Modern network technologies were not designed for high assurance applications. As the DOD moves towards implementing the Global Information Grid (GIG), hardened networks architectures will be required. The Monterey Security Architecture (MYSEA) is one such project. This work addresses the issue of object reuse as it pertains to volatile memory spaces in untrusted MYSEA clients. When a MYSEA client changes confidentiality levels, it is possible that classified material remains in volatile system memory. If the system is not power cycled before the next the login, an attacker could retrieve sensitive information from the previous session. This thesis presents a conceptual design to protect against such an attack. A processor may undergo a hard or soft reboot. The proposed design uses a secure coprocessor to sense the reboot type of the host platform. In addition, a count is kept of the number of hard reboots the host platform has undergone. Using services provided by the secure coprocessor, the host platform can trustfully attest to a remote entity that it has undergone a hard reboot. This addresses the MYSEA object reuse problem. The design was tested using the CPU simulator software SimpleScalar.