2nd Workshop on Recent Advances on Intrusion-Tolerant Systems
WRAITS 2008
In conjunction with the European Conference on Computer Systems - EuroSys 2008
April 1st, 2008
Invited Talk:
Turtles All the Way Down: Research Challenges in User-Based Attestation
Jonathan M. McCune
Carnegie Mellon University
Abstract:
Current trusted computing technologies allow computing devices to verify each
other using attestation, but in a networked world, there is no reason to trust
one computing device any more than another. Treating these devices as turtles,
the user who seeks a trustworthy system from which to verify others quickly
realizes that it's "turtles all the way down" because of the endless loop of
trust dependencies. We need to provide the user with one initial turtle (the
iTurtle) which is axiomatically trustworthy, thereby breaking the dependency
loop. Further, the size of the software trusted computing base on today's
computing devices is overwhelming. We argue that a mechanism for reducing the
size is essential for extracting meaning from attestations and enabling an
iTurtle to do its job. This talk will present some of the research challenges
involved in designing and using an iTurtle, and in architecting systems to
provide meaningful attestations to an iTurtle.