Standard personal computers or mobile devices running an off-the-shelf operating system and the software commonly bought for it cannot provide adequate security, particularly in the context of digital signatures, eCommerce and eGovernment. Different applications of the same user are not protected from each other, and end users are confronted with frequent security updates. Moreover, almost all data may nowadays carry executable code that can be invoked without the computer owner noticing. Hence, it is impossible to administer a standard end-user system such that a critical application is protected from all others.
The PERSEUS trustworthy computing framework provides basic security mechanisms and offers a necessary and sufficient basis for security-relevant applications such as secure signature generation, home banking, eGovernment and eCommerce:
- Secure Booting: Using the features offered by the underlying trusted computing hardware, secure booting ensures that local users and remote clients can verify that a trustworthy software configuration is currently running.
- Isolation: Applications and services are executed on top of the PERSEUS security kernel. Hence, they are securely isolated from each other during runtime and if the underlying platform is shut down; malicious software like viruses or worms can neither violate integrity and confidentiality requirements nor infect other code.
- Least Privilege: Every application, service, or driver has only the rights required for its claimed tasks. This prevents malicious or incorrect code from violating security requirements, e.g., by maliciously accessing other documents, services, or hardware.
- Secure User Interface: The user interface is completely under the control of the trusted computing base. Hence, security features can be implemented that help users to prevent security-critical failures. A visual application authentication mechanism allows users to identify the application they are communicating with and thus protects against Trojan horse attacks like faked dialogs.
- Tamed Drivers: The provided software and/or hardware mechanisms prevent malicious device drivers from using hardware functions (e.g., bus-master DMA) to bypass security measures.