A distinctive feature of ETISS has been a programme of research workshops. This year, several different groups are organising these, and details are given below. Most are soliciting informal submissions and presentations.
Workshop 1: Towards Practical Solutions for Attestation and Identity Management
This research workshop will cover novel ideas on how to overcome obstacles that prevent the use of remote attestation in practice. Although a lot of progress has been made in the area of property-based attestation, the ultimate goal – to decide about the trustworthiness of (remote) platforms based on meaningful properties – remains elusive. The aim of this workshop is to present and discuss ideas and aproaches to come closer to this goal.
Organisers: Alaa Abdul-Hadi, Yacine Gasmi, Martin Unger, Hans Löhr, Ahmad-Reza Sadeghi, Patrick Stewin, Ruhr-University Bochum, Germany.
Workshop 2: Challenges for Trusted Computing
The aim of this workshop is to identify and discuss some of the key challenges that need to be addressed if the vision of Trusted Computing is to become reality. Topics that may be addressed include, but are not limited to, issues with setting up and maintaining the PKI required to support the full set of Trusted Computing functionality, the practical use and verification of attestation evidence, backwards compatibility, usability and compliance issues.
Organisers: Shane Balfe, Eimear Gallery, Chris Mitchell, Kenny Paterson, Royal Holloway, University of London.
Workshop 3: Providing Trusted Services Using Trusted Computing
The purpose of this workshop is to elicit research ideas into how service-oriented distributed computing can be enhanced with Trusted Computing technology to provide trusted services. Topics include, but are not limited to, the novel adoption of Trusted Computing functionality, the user interface for a trusted service, methods to translate high-level user service requirements into low-level platform state requirements. It may be the case that Trusted Computing can only provide so much functionality, in which case additional supporting elements may need to be identified.
Instructions for submitting to this workshop can be found at the call for papers.
Organisers: Po-Wah Yau, Allan Tomlinson, Chris Mitchell, Carlo Gebhardt: Royal Holloway, University of London; Ahmad-Reza Sadeghi: Ruhr-University Bochum.
Workshop 4: Requirement Analysis for Mobile Trusted Modules
In mobile trusted computing, there are several open questions. In particular, mobile trusted modules (MTM) can be implemented in different ways. Various approaches how to implement MTMs are subject to ongoing research. The basic approaches are ranging from complete new designs for MTMs based on system-on-chip solutions to the re-use of existing security hardware like smart cards. However, all these approaches have to be evaluated according to security, compliance to the specification, cost-effectiveness etc.
Moreover, commonly used TPMs are implemented in hardware, whereas MTMs, can be implemented in software. Consequently, we can pose the following question: Which requirements does a mobile platform have to fulfill and which features does a platform have to provide in order to offer proper support for software based MTMs?
Modern mobile platforms offer advanced isolation techniques; but is the provided level of hardware isolation and are the provided security features enough to securely implement software based platforms? Furthermore we will focus on the question of which level of isolation is actually required. Consequently, we will analyze the level of security and the security features certain hardware platforms can provide and, if possible, propose which security enhancements should be included in future mobile platforms.
Organisers: Kurt Dietrich, IAIK
Workshop 5: Inter-operable Trusted Computing APIs
The Trusted Computing Group (TCG) has specified the Trusted Platform Module (TPM) to extend legacy computer architectures with a hardware-anchor for security. The TCG architecture contains standards for both, hardware and the accompanying software components. The TCG Software Stack (TSS) is a design that provides a security API for the C language.
This workshop aims at giving API designers and users the opportunity to exchange ideas on the possible different abstractions needed in different scenarios. One way to guarantee inter-operability is defining standards, such as the future TC API for Java (JSR 321). Another important aspect is testing of APIs to conformance to future and existing specifications.
Organiser: Peter Lipp, IAIK