posted by Richard Power
Organized by Carnegie Mellon CyLab, co-sponsored by HP Labs and AMD, and the National Science Foundation (NSF), the Trusted Infrastructure Workshop (TIW) was held on the main Carnegie Mellon campus in Pittsburgh, Pennsylvania, for the second consecutive year.
Attending TIW is not for the faint-hearted, or weak-minded. For fifty plus hours, over four and a half days, TIW participants were immersed in an ambitious agenda, including both research workshops, ranging from "Trusted Infrastructure Problem Space and Challenges" (led by HP Labs' Boris Balacheff) to “Chains of Trust and Dynamic Measurements (led by CyLab Technical Director Adrian Perrig) and practical hands-on laboratory sessions, ranging from “TPM” (led by IBM’s Ken Goldman) to “Dynamic Roots of Trust” (led by CyLab’s Jonathan McCune).
TIW 2010 also featured presentations by experts from government, industry and academia (e.g., Microsoft’s Paul England on “TPM.Next”, HP's Mauricio Sanchez on Trusted Networking for Next Generation Data Center, and Wave's Robert Thibadeau on Storage Security) as well as several “Trustworthy Computing 101” sessions, (e.g., CyLab’s Bryan Parno on Bootstrapping Trust 101”).
Much of what is most meaningful at TIW takes place beyond the one-dimensional surface of PowerPoint presentations, and outside the limited model of an active speaker and an audience of passive attendees, who are allowed five or ten minutes for Q & A at the end of the session.
Instead, TIW emphasizes practical, hands-on labs and engaging, in-depth research workshops. The labs provide an invaluable opportunity to immerse oneself in not only the lore but the experience of utilizing real-world tools and performing actual tasks. The research workshops encourage lively debate and the free exchange of ideas and insights.
For example, in the "Roots of Dynamic Trust" Lab, led by CyLab's Jonathan McCune, TIW participants were provided with instructions on how to enable TX in BIOS, invoke a Flicker session, understand the PCR contents and reconstruct the PCR values, using either one of the HP EliteBook 8530p laptops supplied for the Lab sessions, or if they preferred their own laptops.
McCune also led two Research Workshops: "Chains of Trust and Dynamic Measurements" (with Adrian Perrig) and "Toward Practical Attestation."
In "Chains of Trust and Dynamic Measurements," Perrig and McCune offered some insights on "Software-Based Attestation: History, Constructions, Applications, and Current State of Research."
The goal of Software-Based Attestation, as Perrig articulated it in his presentation, is to achieve a dynamic root of trust without hardware support. Next, CyLab's Yanlin Li spoke on "SBAP: Software-Based Attestation for Peripherals," After Li, Markus Jakobsson of FatSkunk spoke on "Practical and Provably Secure Software-Based Attestation" for the mobile environment.
Using these three presentations as a starting point, Perrig, McCune, Li and Jakobsson were joined by CyLab Director Virgil Gligor to interact with TIW participants in a rousing dialogue on wide range of issues in Trustworthy Computing in general, and the subject matter of their presentations in particular.
CyLab’s Bryan Parno spoke on Bootstrapping Trust 101, from a paper written with Adrian Perrig and McCune.
In our increasingly mobile and global computing environment, Parno explained, bootstrapping trust is both necessary and difficult; Parno also identified three challenges in endeavoring to bootstrap trust: hardware assurance, ephemeral software and user interaction.
“Hardware is durable, but can we do better?”
“We care about the software currently in control."
"Many properties matter. But which property matters most?”
Human factors include: “How can the user trust the device? How should attestation be communicated to the user? What does a user do with failed attestation?”
After "Trustworthy Computing 101" concluded, CyLab Director Virgil Gligor led off the main body of TIW 2010, with "A Challenge for Trustworthy Computing," a provocative talk, offering personal perspectives and insights, based on work done in collaboration with Jonathan McCune, Bryan Parno, Adrian Perrig, Amit Vasudevan and Z. Zhou.
“I would like to issue a challenge for Trustworthy Computing," Gligor began, "namely, relevance; that is, relevance to practice. In particular, I emphasize two things: first, the trustworthy computing base has to be immutable, i.e., it has to be as stable as the hardware itself, in order to make a difference in practice; and second, that all the security properties of the trusted base have to be understandable to human users, not just to developers. Without these two things, Trustworthy Computing will see much of the same fate as Trustworthy Computing has seen for roughly last thirty years, it won’t be usable.”
In the course of covering TIW 2010, CyLab Online did a Q & A with two members of the TIW Steering Committe, Ron Perez of AMD and Boris Balacheff of HP Labs.
What do you see as the purpose and significance of TIW?
Boris Balacheff, HP Labs: "The Trusted Infrastructure Workshop (TIW) is intended as an open collaboration, education and innovation platform to bring together researchers and expert technologists from across industry, academia, and government alike. Research in Trusted Infrastructure is key to addressing today's need for information system security that we can trust in a global connected world. But one major challenge in this field lies in the interdisciplinary nature of the research involved to truly advance our ability to build secure, manageable and assured IT infrastructure solutions: from distributed systems to software engineering and software assurance, from hardware architectures to operating systems design, from information management to network design, from user studies to man-machine interface design, the field of trusted infrastructure research requires expertise from across the traditional computing community. It has been a very rich experience to found TIW with CyLab and other partners, and I am very excited to see it flourish. HP Labs Systems Security Lab is committed to rising to these challenges for trusted infrastructure innovation, and my involvement in founding the European Trusted Infrastructure summer school (ETISS - www.etiss.org), and now the TIW, reflect that commitment.”
Could you give me a brief description of the concept and format of the lab portions of the workshop?
Ron Perez, AMD: “TIW is designed to introduce participants to wide range of research and technologies encompassing the entire information technology space in a one week immersive setting. This includes exploration of security for the hardware and software stacks of common computing systems as well as the interaction of those systems in a distributed environment. We include lectures from leading researchers and technologists in various fields including secure hardware, storage, networking, operating systems, virtualization and cloud computing. We conduct laboratory exercises with existing technology building blocks, designed to give participants hands-on experience with existing technologies. We also have several sessions set aside to discuss challenges and promising research in a format that includes short presentations and interactive panel discussions designed to stimulate the workshop participants and encourage them to explore on their own after the workshop. And finally, we provide an environment where students from over twenty five different educational institutions can meet, get to know, and exchange ideas with each other as well as with many others from various companies and government agencies. It is our hope that the networks and relationships formed or started at TIW will result in innovative breakthroughs down the road.
NOTE: We will be posting video from several TIW 2010 sessions to CyBlog, so stay tuned.
See all CyLab Chronicles articles