Manager: Roderick Bloem
Staff member: Pirker, Toegl, Niederl, et al.
Advanced Cryptographic Trusted Virtual Security Module
acTvSM is a research project supported by the Austrian programme FIT-IT Trust in IT Systems. The consortium consists of two consorium partners in the area of Graz, namely IAIK and XiTrust. The start of the project is April 2009 and the duration is expected to be 24 months.
Public Key Infrastructures (PKIs) are becoming the global business community's choice for authentication, digital signature and encryption solutions. Trustworthy PKI applications ultimately rely on the secure handling of private key material. A common way to secure the private key material of PKI solutions is to use cost intensive Hardware Security Modules (HSM). During the course of this project we will try to realize a software security module capable of acting as a secure key store, with the benefits of a hardware security module by taking advantage of Trusted Computing technology.
Trusted Computing is an evolving concept, which tries to enhance the security of existing platforms against software-based attacks. Although the number of applications is still rather limited in practice, major vendors now ship hardware that implements Trusted Computing concepts. The related field of hardware-supported virtualization has seen a recent renaissance in the commodity PC and server market. This was due its potential to efficiently utilize and share server hardware and to simplify maintenance. A relatively new approach is to employ hardware virtualization to isolate security critical code and to use trusted computing to create a trusted execution environment.
A major and sometimes the only possible point of attack for malicious entities are the external interfaces of a security component. Therefore it is imperative to protect them. Based on the encouraging results of formal protocol analysis, new classes of attacks have been discovered in the APIs of security modules.
Project acTvSM will tie these technologies together to create and demonstrate a novel class of secure software services.
Software components developed and released by the project are available for free download at the Trusted Computing for the Java Platform website.
|2010||Andreas Niederl, Martin Pirker, Ronald Tögl, Michael Gebetsroither, Michael Gissing - "acTvSM virtualization platform"|
|2009||Martin Pirker, Michael Gissing - "IAIK jTpmTools with Trusted eXecution Technology support"|