Challenges for Trusted Computing

Call for Papers

Research Workshop on Challenges for Trusted Computing

3rd European Trusted Infrastructure Summer School (ETISS 2008)

31st August - 5th September 2008, Oxford, England

http://www.softeng.ox.ac.uk/etiss/

Overview of Research Workshop

Trusted Computing refers to the collection of interrelated and interoperating technologies, which, when combined, help to establish a more secure operating environment on commodity platforms. A fully-realised Trusted Computing platform will allow users to reason about the behaviour of a platform, as well as providing standardised mechanisms to protect sensitive data against software attack.

Trusted Computing has been proposed as a means of enhancing the security of numerous applications. For example, it has been promoted as an adjunct to the digital signature process, to enable secure software download, to support secure single sign-on solutions, to secure peer-to-peer networks, to improve the security and privacy of biometric user authentication, to harden mobile devices, and to facilitate identity management. A number of authors have also considered Trusting Computing's applicability to the agent paradigm, grid security, e-commerce transaction security, and to defend against the ever-growing threat posed by crimeware.

Despite its many potential beneficial applications, Trusted Computing is not without its detractors. Privacy concerns relating to trusted platforms have been raised. The extent to which Trusted Computing could be used to enable and enforce digital rights management, and, more generally, the possible expropriation of platform owner control, are contentious issues. Concerns have also been expressed that Trusted Computing could be used to support censorship, stifle competition between software vendors, facilitate software lock-in, and hinder the deployment and use of open source software, thereby potentially enabling market monopolisation by certain vendors.

The aim of this workshop is not to engage in this debate, but rather to highlight some of the key challenges that we believe need to be addressed in order to accelerate the widespread adoption of Trusted Computing.

Paper Submission

Papers submitted to this workshop should identify and discuss some of the key challenges that need to be addressed if the vision of Trusted Computing is to become reality. Suggested submission topics include, but are not limited to:

Issues with setting up and maintaining the PKI required to support the full set of Trusted Computing functionality. Problems relating to Certification Authority (CA) and credential dependencies, certificate revocation, CA policy and liability may be discussed here.
Issues relating to the collection, verification, interpretation and practical use of attestation evidence as defined by the TCG.
Issues pertaining to trusted platform backwards compatibility due to the piecemeal roll-out of Trusted Computing technologies.
Problems associated with the usability of trusted computing technologies (complexity versus usability).
The issue of non-compliant trusted platforms.
Trusted platform inter-operability problems.
Hardware attacks against TPMs (for example PCR resetting) and TPM revocation.

Important Dates

Paper Submission: 27 July 2008
Author Notification: 5 August 2008
Revised version: 21 August 2008
Workshop: 31 August - 5 September 2008

Workshop Organisers

Shane Balfe, Royal Holloway, University of London.
Eimear Gallery, Royal Holloway, University of London.
Chris Mitchell, Royal Holloway, University of London.
Kenny Paterson, Royal Holloway, University of London.

Instructions for submissions

Authors are hereby invited to submit original papers in pdf (preferably prepared using LaTeX using a single column layout in an 11 pt font) - documents submitted in other formats may not be considered. All papers must be in English, and the length should not exceed 12 pages. Shorter extended abstracts of ongoing research are welcome, since the main goal of the workshop is to discuss ongoing and possible future research. All paper submissions should be sent as email attachments to c.mitchell@rhul.ac.uk.

There will be no proceedings, and accepted papers will be free to be published elsewhere after the workshop. Indeed, 'double' submissions are welcome.

Papers will be evaluated based on their quality and relevance. Each paper will be reviewed by the workshop organisers, whose reviews will be relayed to the corresponding author.

Accepted papers will be presented by their authors at ETISS 2008.