The concept of trusted platforms using trusted computing technology such as the Trusted Platform Module (TPM) is becoming significant in that such technologies are being increasingly available in PCs and mobile devices today. When such trusted platforms are used in applications, one of the key design issues is the ability to capture platform level requirements and to represent them as security policies for authorization decision making. This paper makes some contributions which we believe are an important first step in achieving policy based decision making with trusted platforms. It outlines a platform based trust management framework for specification of trust policies. In this context, we argue the need for a higher level abstraction that is able to capture the lower level state of the platform and use this in the evaluation of trust between the communicating entities. We extend the notion of trusted platform properties by introducing the concept of Component Property Certificates, which can be used in specifying and building trust relationships. We then illustrate how component property certificates can be used in the specification of trust policies of different granularities.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Trusted Computer System Evaluation Criteria (TCSEC). 1985, Dept of Defense.
	2	TCG TPM Main Specification Version 1.1b. 2005, Trusted Computing Group.
	3	Balacheff, B., et al., Trusted Computing Platforms, TCPA Technology in Context, ed. S. Pearson. 2003: Hewlett-Packard Company. 322.
	4	Poritz, J., et al., Property Attestation-Scalable and Privacy-Friendly Security Assessment of Peer Computers, in Technical Report RZ 3548. 2004, IBM Research.
	5	Ahmad-Reza Sadeghi , Christian Stüble, Property-based attestation for computing platforms: caring about properties, not mechanisms, Proceedings of the 2004 workshop on New security paradigms, September 20-23, 2004, Nova Scotia, Canada  [doi>10.1145/1065907.1066038]
	6	Web Services Security: SOAP Message Security 1.1, wss-v1.1-spec-os-SOAPMessageSecurity, C. Kaler, Editor. 2006, OASIS Standard Specification.
	7	Web Services Policy Framework (WS-Policy), Version 1.2. 2006, W3C.
	8	Web Services Trust Language (WS-Trust). 2005, W3C.
	9	Sachiko Yoshihama , Tim Ebringer , Megumi Nakamura , Seiji Munetoh , Hiroshi Maruyama, WS-Attestation: Efficient and Fine-Grained Remote Attestation on Web Services, Proceedings of the IEEE International Conference on Web Services, p.743-750, July 11-15, 2005  [doi>10.1109/ICWS.2005.136]
	10	M. Blaze , J. Feigenbaum , J. Ioannidis , A. Keromytis, The KeyNote Trust-Management System Version 2, RFC Editor, 1999
	11	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	12	Yang-Hua Chu , Joan Feigenbaum , Brian LaMacchia , Paul Resnick , Martin Strauss, Referee: trust management for Web applications, World Wide Web Journal, v.2 n.3, p.127-139, Summer 1997
	13	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	14	Varadharajan, V. Authorization and Trust Enhanced Security for Distributed Applications. in Seventh International Conference on Information and Communications Security (ICICS). 2005. Beijing, China.
	15	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
	16	eXtensible Access Control Markup Language 3 (XACML) Version 2.0. 2005, OASIS. Enterprise Grid Security Requirements V1.1. 2005, Enterprise Grid Alliance Security Working Group.