A cluster of patterns for trusted computing

Abstract

The proliferation of Internet of Things and cyberphysical systems has introduced unprecedented challenges in ensuring the integrity and confidentiality of critical data, making robust security mechanisms essential. There are several mechanisms intended to assure trust with respect to the software loaded into the system and the trustworthiness of the boot process. These mechanisms start from a Root of Trust (RoT), from where all the other trusts, e.g., for components and software are derived. As part of the RoT, a Secure Storage is needed. This Secure Storage can be considered as part of the RoT or considered a separate component. After a RoT is established, a Trusted Boot can be performed. The execution of computational processes can then be supported by using separate execution zones (Zone Isolation). More complex trust functions such as remote attestation can be performed by a Trusted Platform Module (TPM). In this paper, we propose security patterns for these components. The abstraction power of patterns can be used to define the basic aspects that each of these components must have, thus serving as reference for designers and for security evaluation.