Dynamic trust enhanced security model for trusted platform based services

Binary attestation in trusted computing platforms provide the ability to reason about the state of a system using hash measurements. Property based attestation, an extension of binary attestation enables more meaningful attestation by abstracting low level binary values to high level security properties or functions of systems. In this paper, we propose TESM: A Trust Enhanced Secure Model for trusted computing platforms. We argue that given the nature of both binary and property based attestation mechanisms, an attestation requester cannot be absolutely certain if an attesting platform will behave as it is expected to behave. TESM uses a hybrid trust model based on subjective logic to combine ‘hard’ trust from measurements and properties and ‘soft’ trust from past experiences and recommendations to reduce such uncertainties. We believe that such a model will enable better reasoning about the trustworthiness of attesting platforms and thereby facilitate better security decision making.

Research highlights► We propose a Trust Enhanced Security Model (TESM) for trusted computing platforms. ► TESM aims to reduce uncertainties that arise during attestation of platforms. ► It combines the notion of hard and soft trust to determine overall platform trust. ► It proposes evidence collection, trust evaluation and trust comparison operations. ► Trust decisions are based on direct, recommended and/or derived trust thresholds.