Public Key Infrastructures (PKIs) are becoming the global business community's choice for authentication, digital signature and encryption solutions. Trustworthy PKI applications ultimately rely on the secure handling of private key material. A common way to secure the private key material of PKI solutions is to use cost-intensive Hardware Security Modules (HSMs). During the course of this project we will try to realize a software security module capable of acting as a secure key store, offering the benefits of a hardware security module by taking advantage of Trusted Computing technology.
Trusted Computing is an evolving concept which tries to enhance the security of existing platforms against software-based attacks. Although the number of applications is still rather limited in practice, major vendors now ship hardware that implements Trusted Computing concepts. The related field of hardware-supported virtualization has seen a recent renaissance in the commodity PC and server market, due to its potential to efficiently utilize and share server hardware and to simplify maintenance. A relatively new approach is to employ hardware virtualization to isolate security-critical code and to use Trusted Computing to create a trusted execution environment.
A major, and sometimes the only possible, point of attack for malicious entities is the set of external interfaces of a security component. Therefore it is imperative to protect them. Building on the encouraging results of formal protocol analysis, new classes of attacks have been discovered in the APIs of security modules.
Project acTvSM will tie these technologies together to create and demonstrate a novel class of secure software services.