An Application-Oriented Efficient Encapsulation System for Trusted Software Development

Trusted computing provides an efficient and practical way out for system security problems based on a trusted hardware, namely the root of trust, e.g., Trusted Platform Module TPM, Trusted Cryptographic Module TCM, Trusted Platform Control Module TPCM, so on and so forth. However, current applications calling for trusted functions have to use either the user-space trusted interfaces e.g., Trusted Software Stack TSS API or to implement customized APIs on top of the trusted hardware driver; both of them are well known of steep learning curve, which indicates error prone and low-efficient development and complex maintenance for the application of trusted software. This paper presents a new trusted encapsulation architecture and the proof-of-concept system with the aim to mitigate the gap between the current obscure trusted APIs and the actual trusted applications for trusted software development. Our system can provide high-level and much simplified trusted transaction interfaces for user applications, which can rapidly reduce the development and maintenance work for the developers and users without too much performance costs. We also present a secure remote login use-case using mainly the binding and unbinding trusted functions of our trusted encapsulation architecture.