Trusted Computing Group

On December 13, Trusted Computing Group security thought leaders, with an Information Week editor, offered updates and thoughts on the future of security beyond traditional PCs. This webcast addressed the concepts of trust in areas including cloud, or multi-tenant infrastructure, computing; embedded devices; and mobile systems. 

 

The session first addressed mobile device security. In a not surprising result, most attendees noted via a quick poll that some sort of security framework for securing mobile devices might be helpful. Chris Daly of GDC4 Systems noted that mobile devices, such as smartphones, tablets and others, face a lot of security threats, and that the growing user dependence on these devices will only increase their potential threat in the enterprise.  Daly also noted that not only are apps vulnerable, attacks such as man-in-the-middle, trojans and others are cause for concern - as is the growing trend to "bring your own device" to the office to do company work.

 

As for solutions, work is still in the early stages, but Trusted Computing Group's Trusted Mobility Solutions Work Group is advocating the use of the root of trust to enable trusted user identity, trusted platform execution and integrity, secure and trusted communications and secure data storage. A root of trust also provides a way to support both enterprise and personal use of a device and to deal with multiple stakeholders of mobile systems. The work group is developing use cases, a reference architecture and implementation guidance. 

 

Moving on to another major security issue, cloud computing, Michael Donovan of HP and the TCG Trusted Multi-tenant Infrastructure Work Group updated attendees on that group's efforts to develop standard ways to enable trust in the various elements of cloud computing. Why trust? Donovan noted that in the cloud, there is no way to verify a trusted computing base. As for TCG's role, he noted that no end-to-end framework for enabling trust and addressing security exists, and that TCG will be addressing trust and security across solutions derived from combining dedicated and shared infrastructures. The WG will deliver not only use cases to address various security requirements but will provide reference models, implementation guidance and other deliverables for real-world use.

 

Wrapping it up, Sung Lee of Wave Systems and TCG's Embedded Systems Work Group talked about securing all those systems that work behind the scenes but might not be a typical computer. These include auto electronics, industrial control and automation, printers and copiers, medical devices and many others - in fact, Lee noted that by 2020, there will be 50 billion devices connected to the Internet. And they are vulnerable to attacks, malware and other security problems. 

 

By incorporating trust into these devices, they can then ensure device integrity, device identity and attestation. TCG's work group focused in this area is following a similar track to the others discussed and will publish additional tools soon. In the meantime, a number of open source and other projects for embedded trusted security are underway.

 

Get the slides or listen to the archived webcast here.