Over the past years, the computing industry has started various initiatives announced to increase computer security by means of new hardware architectures. The most notable effort is the Trusted Computing Group (TCG) and the Next-Generation Secure Computing Base (NGSCB). This technology offers useful new functionalities as the possibility to verify the integrity of a platform (attestation) or binding quantities on a specific platform (sealing).In this paper, we point out the deficiencies of the attestation and sealing functionalities proposed by the existing specification of the TCG: we show that these mechanisms can be misused to discriminate certain platforms, i.e., their operating systems and consequently the corresponding vendors. A particular problem in this context is that of managing the multitude of possible configurations. Moreover, we highlight other shortcomings related to the attestation, namely system updates and backup. Clearly, the consequences caused by these problems lead to an unsatisfactory situation both for the private and business branch, and to an unbalanced market when such platforms are in wide use.To overcome these problems generally, we propose a completely new approach: the attestation of a platform should not depend on the specific software or/and hardware (configuration) as it is today's practice but only on the "properties" that the platform offers. Thus, a property-based attestation should only verify whether these properties are sufficient to fulfill certain (security) requirements of the party who asks for attestation. We propose and discuss a variety of solutions based on the existing Trusted Computing (TC) functionality. We also demonstrate, how a property-based attestation protocol can be realized based on the existing TC hardware such as a Trusted Platform Module (TPM).

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	ACM. Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP'03), Bolton Landing, NY, USA, Oct. 2003.
	2	R. J. Anderson. Security in open versus closed systems --- the dance of Boltzmann, Coase and Moore. Technical report, Cambridge University, England, 2002.
	3	A. W. Appel and E. W. Felten. Models for security policies in proof-carrying code. Technical Report TR-636-01, Princeton University, Computer Science, Mar. 2001.
	4	Bill Arbaugh, Improving the TCPA Specification, Computer, v.35 n.8, p.77-79, August 2002  [doi>10.1109/MC.2002.1023792]
	5	W. A. Arbaugh, A. D. Keromytis, D. J. Farber, and J. M. Smith. Automated recovery in a secure bootstrap process. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS '98), pages 155--167, San Diego, California, Mar. 1998. Internet Society.
	6	Giuseppe Ateniese , Jan Camenisch , Marc Joye , Gene Tsudik, A Practical and Provably Secure Coalition-Resistant Group Signature Scheme, Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology, p.255-270, August 20-24, 2000
	7	Jan Camenisch , Els Van Herreweghen, Design and implementation of the idemix anonymous credential system, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586114]
	8	D. Chaum, and E. van Heijst. Group signatures. In D. Davies, editor, Advances in Cryptology - EUROCRYPT '91, volume 547 of Lecture Notes in Computer Science, pages 257--265. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany, 1991.
	9	Common Criteria Project Sponsoring Organisations. Common Criteria for Information Technology Security Evaluation, Aug. 1999. Version 2.1, adopted by ISO/IEC as ISO/IEC International Standard (IS) 15408 1-3. Available from http://csrc.ncsl.nist.gov/cc/ccv20/ccv2list.htm.
	10	Paul England , Butler Lampson , John Manferdelli , Marcus Peinado , Bryan Willman, A Trusted Open Platform, Computer, v.36 n.7, p.55-62, July 2003  [doi>10.1109/MC.2003.1212691]
	11	Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	12	Oded Goldreich , Silvio Micali , Avi Wigderson, Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems, Journal of the ACM (JACM), v.38 n.3, p.690-728, July 1991  [doi>10.1145/116825.116852]
	13	T. C. Group. TCG software stack specification. http://trustedcomputinggroup.org, Aug. 2003. Version 1.1.
	14	T. C. Group. TPM main specification. http://www.trustedcomputinggroup.org, Nov. 2003. Version 1.2.
	15	Naomaru Itoi , William A. Arbaugh , Samuela J. Pollack , Daniel M. Reeves, Personal Secure Booting, Proceedings of the 6th Australasian Conference on Information Security and Privacy, p.130-144, July 11-13, 2001
	16	K. Kursawe and C. Stüble. Improving end-user security and trustworthiness of TCG platforms. Presented and basis for the panel discussion about TCG at the 33. GI-Fachtagung, Frankfurt, http://www.prosec.rub.de/Publications/KurStu2003.pdf.
	17	N. S. Laboratory. Secure hash standard. Federal Information Processing Standards Publication (FIPS PUB) 180-1, Apr. 1995.
	18	David Lie , Chandramohan A. Thekkath , Mark Horowitz, Implementing an untrusted operating system on trusted hardware, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	19	Jochen Liedtke, Improving IPC by kernel design, Proceedings of the fourteenth ACM symposium on Operating systems principles, p.175-188, December 05-08, 1993, Asheville, North Carolina, United States
	20	Microsoft Corporation. Building a secure platform for trustworthy computing. White paper, Microsoft Corporation, Dec. 2002.
	21	C. Mundie, P. de Vries, P. Haynes, and M. Corwine. Microsoft whitepaper on trustworthy computing. Technical report, Microsoft Corporation, Oct. 2002.
	22	George C. Necula, Proof-carrying code, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.106-119, January 15-17, 1997, Paris, France  [doi>10.1145/263699.263712]
	23	George C. Necula , Peter Lee, Safe kernel extensions without run-time checking, Proceedings of the second USENIX symposium on Operating systems design and implementation, p.229-243, October 29-November 01, 1996, Seattle, Washington, United States
	24	George C. Necula , Peter Lee, The design and implementation of a certifying compiler, Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation, p.333-344, June 17-19, 1998, Montreal, Quebec, Canada
	25	B. Pfitzmann, J. Riordan, C. Stüble, M. Waidner, and A. Weber. The PERSEUS system architecture. In D. Fox, M. Köhntopp, and A. Pfitzmann, editors, VIS 2001, Sicherheit in komplexen IT-Infrastrukturen, DuD Fachbeiträge, pages 1--18. Vieweg Verlag, 2001.
	26	B. Pfitzmann, J. Riordan, C. Stüble, M. Waidner, and A. Weber. The PERSEUS system architecture. Technical Report RZ 3335 (#93381), IBM Research Division, Zurich Laboratory, Apr. 2001.
	27	A.-R. Sadeghi and C. Stüble. Bridging the gap between TCPA/Palladium and personal security. Technical report, Saarland University, Germany, 2003.
	28	A.-R. Sadeghi and C. Stüble. Taming "trusted computing" by operating system design. In Information Security Applications, volume 2908 of Lecture Notes in Computer Science, pages 286--302. Springer-Verlag, Berlin Germany, 2003.
	29	D. Safford. Clarifying misinformation on TCPA. White paper, IBM Research, Oct. 2002.
	30	D. Safford. The need for TCPA. White paper, IBM Research, Oct. 2002.
	31	R. Sailer, X. Zhang, T. Jaeger, and L. V. Doorn. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 11th USENIX Security Symposium. USENIX, Aug. 2004.
	32	R. Sailer, X. Zhang, T. Jaeger, and L. V. Doorn. Design and implementation of a TCG-based integrity measurement architecture. Research Report RC23064, IBM Research, Jan. 2004.
	33	B. Schneier. Palladium and the TCPA. http://www.counterpane.com/crypto-gram-0208.html#1
	34	Trusted Computing Platform Alliance (TCPA). Main specification, Feb. 2002. Version 1.1b.
	35	J. Tygar and B. Yee. Dyad: a system using physically secure coprocessors. In Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment, The Journal of the Interactive Multimedia Association Intellectual Property Project, Coalition for Networked Information, pages 121--152, MIT, Program on Digital Open High-Resolution Systems, Jan. 1994. Interactive Multimedia Association, John F. Kennedy School of Government.