Security and Trust Architectures for Protecting Sensitive Data on Commodity Computing Platforms

Marcel Winandy

PhD Thesis, Ruhr-University Bochum, Shaker-Verlag, 2012.


This dissertation investigates how to realize practical security solutions that protect sensitive data on commodity computing platforms. Standard operating systems on such platforms are usually insufficient to provide the required protection, since they were not designed with security in mind from the outset. The main idea of this thesis is to add small trusted components to commodity systems, namely a hardware trust anchor and a small trusted software layer, and to build security architectures on these components for various application scenarios. The recent incorporation of trusted computing concepts into commodity platforms makes security functionality available directly in the hardware; the Trusted Platform Module (TPM) is one such example. In addition, modern main processors include support for hardware virtualization. Based on these functionalities, as well as recent results in the construction of microkernels, security architectures are designed that end-users can employ to protect their systems and their data against a number of threats.
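The following is an added illustration, not code from the thesis, of the mechanism the abstract relies on: a hardware trust anchor that records measurements of the small trusted software layer and only releases sensitive data when those measurements match. It simulates TPM 1.2 PCR extend semantics (20-byte SHA-1 registers, extend = SHA-1(old || SHA-1(component))) and stands in for the TPM's storage-root-key sealing with an HMAC-derived keystream and tag; the component names, the SRK bytes and the secret are constructed for the example.

```python
"""Toy measured-boot chain with PCR-bound sealing (simulation, not a TPM driver)."""
import hashlib
import hmac
from typing import Dict, List, Optional

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest

# Constructed stand-in for the TPM's storage root key; a real SRK never leaves the chip.
SRK = b"example-srk-never-leaves-the-tpm"


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || SHA-1(component)); the old value cannot be reset."""
    assert len(pcr) == PCR_SIZE
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()


def compute_pcr(boot_chain: List[bytes]) -> bytes:
    """Replay a boot chain (firmware, microkernel, trusted layer, ...) into one PCR.

    Order matters: the same components in a different order yield a different value.
    """
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros on reset
    for component in boot_chain:
        pcr = pcr_extend(pcr, component)
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stand-in for the TPM's RSA/AES wrapping."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, expected_pcr: bytes, srk: bytes = SRK) -> Dict[str, bytes]:
    """Bind a secret to an expected PCR value; the key depends on both the SRK and that value."""
    key = hmac.new(srk, b"seal" + expected_pcr, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, expected_pcr + ciphertext, hashlib.sha256).digest()
    return {"pcr": expected_pcr, "ct": ciphertext, "tag": tag}


def unseal(blob: Dict[str, bytes], current_pcr: bytes, srk: bytes = SRK) -> Optional[bytes]:
    """Release the secret only if the platform's current PCR equals the sealed value.

    Returns None if the measured software differs (tampered or updated trusted layer)
    or if the blob was not produced under this SRK (tag mismatch).
    """
    if not hmac.compare_digest(blob["pcr"], current_pcr):
        return None
    key = hmac.new(srk, b"seal" + current_pcr, hashlib.sha256).digest()
    expected_tag = hmac.new(key, current_pcr + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, len(blob["ct"]))))


# Constructed boot chains: the trusted layer is patched in the second one.
GOOD_CHAIN = [b"firmware-v1", b"microkernel-v1", b"trusted-layer-v1"]
TAMPERED_CHAIN = [b"firmware-v1", b"microkernel-v1", b"trusted-layer-v1-patched"]


def demo() -> bool:
    """Seal under the good chain, then show the tampered chain cannot unseal."""
    good_pcr = compute_pcr(GOOD_CHAIN)
    blob = seal(b"database-password", good_pcr)
    released = unseal(blob, good_pcr)
    withheld = unseal(blob, compute_pcr(TAMPERED_CHAIN))
    return released == b"database-password" and withheld is None


if __name__ == "__main__":
    print("sealing bound to measured trusted layer:", "ok" if demo() else "FAILED")
```

The point the simulation makes is that the protection does not depend on the operating system: a modified trusted layer changes the PCR before any code of that layer runs, so the sealed secret is never released to it, and nothing in software can roll the register back.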


Tags: phishing, security architecture, Trusted Computing, Trusted Virtual Domains