Manager: Roderick Bloem
Staff member: Pirker, Toegl, Niederl, et al.
E-Mail: roderick.bloem@iaik.tugraz.at
acTvSM
Advanced Cryptographic Trusted Virtual Security Module
acTvSM is a research project supported by the Austrian programme FIT-IT Trust in IT Systems. The consortium consists of two consorium partners in the area of Graz, namely IAIK and XiTrust. The start of the project is April 2009 and the duration is expected to be 24 months.
Project objectives
Public Key Infrastructures (PKIs) are becoming the global business community's choice for authentication, digital signature and encryption solutions. Trustworthy PKI applications ultimately rely on the secure handling of private key material. A common way to secure the private key material of PKI solutions is to use cost intensive Hardware Security Modules (HSM). During the course of this project we will try to realize a software security module capable of acting as a secure key store, with the benefits of a hardware security module by taking advantage of Trusted Computing technology. Trusted Computing is an evolving concept, which tries to enhance the security of existing platforms against software-based attacks. Although the number of applications is still rather limited in practice, major vendors now ship hardware that implements Trusted Computing concepts. The related field of hardware-supported virtualization has seen a recent renaissance in the commodity PC and server market. This was due its potential to efficiently utilize and share server hardware and to simplify maintenance. A relatively new approach is to employ hardware virtualization to isolate security critical code and to use trusted computing to create a trusted execution environment. A major and sometimes the only possible point of attack for malicious entities are the external interfaces of a security component. Therefore it is imperative to protect them. Based on the encouraging results of formal protocol analysis, new classes of attacks have been discovered in the APIs of security modules. Project acTvSM will tie these technologies together to create and demonstrate a novel class of secure software services. |
Software releases
Software components developed and released by the project are available for free download at the Trusted Computing for the Java Platform website.
Publications
| Proceedings | ||||
|---|---|---|---|---|
| 2011 | Michael Gissing, Ronald Tögl, Martin Pirker - "Management of Integrity-Enforced Virtual Applications" - Secure and Trust Computing, Data Management, and Applications - STA 2011 Workshop Proceedings: STAVE 2011 |  |
 |
 |
| 2011 | Siegfried Podesser, Ronald Tögl - "A Software Architecture for Introducing Trust in Java-Based Clouds" - Secure and Trust Computing, Data Management, and Applications | |
|
|
| 2010 | Martin Pirker, Ronald Tögl, Michael Gissing - "Dynamic Enforcement of Platform Integrity" - Proc. 3rd International Conference on Trust and Trustworthy Computing (TRUST 2010) | |
|
 |
| 2010 | Michael Hutter, Ronald Tögl - "A Trusted Platform Module for Near Field Communication" - Conference on Systems and Networks Communications - ICSNC 2010, 5th International Conference, Nice, France, August 22-27, 2010, Proceedings. | |
 |
|
| 2009 | Martin Pirker, Ronald Tögl - "Sichere Softwaremodule durch Einsatz von Virtualisierung und Trusted Computing" - Tagungsband der 7. Information Security Konferenz | |
|
|
| 2009 | Ronald Tögl - "Tagging the Turtle: Local Attestation for Kiosk Computing " - Advances in Information Security and Assurance | |
|
|
| 2009 | Ronald Tögl, Thomas Winkler, Mohammad Nauman, Theodore Hong - "Towards Platform-Independent Trusted Computing" - STC'09 Proceedings; in CCS 2009 Co-Located Workshops' Compilation Proceedings | |
|
|
| Article | ||||
|---|---|---|---|---|
| 2011 | Ronald Tögl, Michael Hutter - "An Approach to Introducing Locality in Remote Attestation using Near Field Communications" - The journal of supercomputing (Volume: 55) | |
|
|
| 2010 | Martin Pirker, Ronald Tögl - "Towards a Virtual Trusted Platform" - Journal of universal computer science [Elektronische Ressource] (Volume: 16) | |
|
|
| 2010 | Daniel Hein, Ronald Tögl, Stefan Kraxberger - "An Autonomous Attestation Token to Secure Mobile Agents in Disaster Response" - Security and communication networks (Volume: 3) | |
|
|
| Tech report | ||||
|---|---|---|---|---|
| 2010 | Ronald Tögl - "acTvSM Deliverable 4.1.1: API Analysis Scope" | |
|
|
| 2010 | Ronald Tögl, Martin Pirker, Andreas Niederl, Michael Gissing - "acTvSM Deliverable 3.2: Virtual Trusted Platform Prototype" | |
|
|
| 2010 | Ronald Tögl, Martin Pirker, Gerhard Fliess - "acTvSM Deliverable 4.1: Draft API Design" | |
|
|
| 2010 | Martin Pirker, Ronald Tögl, Andreas Niederl - "acTvSM Deliverable 3.1: Virtual Platform Prototype" | |
|
|
| 2010 | Martin Pirker, Ronald Tögl, Georg Lindsberger - "acTvSM Deliverable 2.1: Requirements Specification Report" | |
|
|
| Presentation | ||||
|---|---|---|---|---|
| 2010 | Ronald Tögl - "A Software Architecture for Introducing Trust in Java-based Clouds" (Workshop on Trust in the Cloud, Berlin, 22.06.10) | |
|
|
| 2010 | Ronald Tögl - "The upcoming standard JSR 321: Trusted Computing API for Java" (TCG Members Meeting, Budapest, 16.06.10) | |
|
|
| 2010 | Ronald Tögl - "Construction of a Trusted Virtual Security Module " (4th International Workshop on Analysis of Security APIs, 21.07.10) | |
|
|
| 2010 | Martin Pirker - "Dynamic Enforcement of Platform Integrity" (3rd International Conference on Trust and Trustworthy Computing (TRUST 2010), Berlin, 22.06.10) | |
|
|
| 2010 | Martin Pirker - "Einblicke und Ausblicke zu (Open-Source) Entwicklungen im Bereich Trusted Computing" (LinuxTag 2010, Berlin, 11.06.10) | |
|
|
| 2010 | Ronald Tögl - "A Trusted Platform Module for Near Field Communication" (5th International Conference on Systems and Networks Communications - ICSNC 2010, Nice, 24.08.10) | |
|
|
| 2009 | Ronald Tögl - "Towards Platform-Independent Trusted Computing" (ACM Workshop on Scalable Trusted Computing, Chicago, 13.11.09) | |
|
|
| 2009 | Martin Pirker - "Towards a Virtual Trusted Platform" (4th European Trusted Infrastructure Summer School (ETISS) 2009, 03.09.09) | |
|
|
| 2009 | Martin Pirker - "Sichere Softwaremodule durch Einsatz von Virtualisierung und Trusted Computing" (7. Information Security Konferenz, "Critical Infrastructures", 29.10.09) | |
|
|
| 2009 | Ronald Tögl - "Tagging the Turtle: Local Attestation for Kiosk Computing " (International Conference on Information Security and Assurance, Seoul, 25.06.09) | |
|
|
| Miscellaneous | ||||
|---|---|---|---|---|
| 2010 | Andreas Niederl, Martin Pirker, Ronald Tögl, Michael Gebetsroither, Michael Gissing - "acTvSM virtualization platform" | |
|
|
| 2009 | Martin Pirker, Michael Gissing - "IAIK jTpmTools with Trusted eXecution Technology support" | |
|
|