The PERSEUS trustworthy computing framework combines in an innovative way the advantages of a trustworthy open source security kernel with those provided by trusted computing technology:
Trustworthiness: The reduced complexity of the trusted computing base (TCB) decreases the probability of failures during the development and maintenance process, which in turn increases the trustworthiness of the implementation. In addition, the proposed architecture allows a cost-effective evaluation according to security standards, e.g., the Common Criteria, because security-critical components change only rarely.
Openness: Due to the open architecture and implementation of security-relevant components, this framework has a very high reliability and credibility. Additionally, the open architecture allows necessary updates, improvements, and adaptations of the platform to individual requirements without being dependent on a specific manufacturer. Moreover, the openness of the proposed framework allows both end-users and security experts to evaluate the design and the source code and thereby obtain assurance about the functionalities, e.g., that a system-wide censorship is not provided.
Low-cost portability: Since security-critical components of the platform only depend on the interface provided by the underlying resource management layer, this platform allows a very efficient migration to additional devices, such as PDAs, smart phones and embedded systems. Application examples can be found in new applications of multimedia and information systems, e.g., in the automotive industry.
Future assurance: The architecture we propose is compatible with legacy operating systems. The future impact and importance of trusted-computing-based operating systems are underpinned by the efforts of the existing operating system monopolist Microsoft in the context of its Next-Generation Secure Computing Base (NGSCB). Through an alternative and open platform, security-critical applications may, to a reasonable degree, remain independent of the operating system manufacturer, ensuring the future usability of the corresponding applications with regard to new demands.
Flexibility: Since modularity is one of the main design goals of the framework, security architectures based on PERSEUS can be configured to perfectly match functional and security requirements. Derived architectures, for instance, can be built with or without TPMs, based on hypervisors or microkernels, and they include only those security services that are required by the appropriate applications.