Realizing property-based attestation and sealing with commonly available hard- and software
Source
Conference on Computer and Communications Security archive
Proceedings of the 2007 ACM workshop on Scalable trusted computing table of contents
Alexandria, Virginia, USA
SESSION: Property-based attestation table of contents
Pages: 50 - 57  
Year of Publication: 2007
ISBN:978-1-59593-888-6
Authors
Ulrich Kühn, Sirrix AG security technologies
Marcel Selhorst, Sirrix AG security technologies
Christian Stüble, Sirrix AG security technologies
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 19,   Downloads (12 Months): 135,   Citation Count: 1
DOI: http://doi.acm.org/10.1145/1314354.1314368

ABSTRACT

The authenticated boot process introduced by the Trusted Computing Group (TCG) uses binary measurements, i.e., hashes of executables, to give an indication of which software configuration runs on a given computing platform. As the binary measurements change with any software update, sealed data becomes unavailable, too. To solve this and other problems regarding binary measurements, the concept of property-based attestation has been introduced.

In this paper we show how to realize both property-based attestation and property-based sealing using existing TCG-enabled hard- and software. The main idea is that an enhanced boot loader translates between binary measurements and properties, allowing to attest properties of unmodified operating systems loaded. Moreover, applications running on top of this operating system can use existing mechanisms, e.g., an existing Trusted Software Stack (TSS) implementation, to seal data to properties instead of binary hash values.

One cornerstone of our proposal is the ability to also revoke the translation of certain binary measurements into properties in case of identified security problems. Our proposal is ideally suited for enterprise environments having a centralized IT-management infrastructure and scales well with the number of participating clients.



