Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Challenges of Using Trusted Computing for Collaborative Data Processing

: Wagner, Paul G.; Birnstill, Pascal; Beyerer, Jürgen


Mauw, Sjouke (ed.):
Security and Trust Management. 15th International Workshop, STM 2019 : Luxembourg City, Luxembourg, September 26–27, 2019, Proceedings
Cham: Springer International Publishing, 2019 (Lecture Notes in Computer Science 11738)
ISBN: 978-3-030-31510-8
ISBN: 978-3-030-31511-5
ISBN: 3-030-31511-8
ISBN: 978-3-030-31512-2
International Workshop on Security and Trust Management (STM) <15, 2019, Luxembourg>
Conference Paper
Fraunhofer IOSB ()
Trusted computing; Trusted platform modules; Software guard extensions; Usage control; Policy enforcement; Data sharing

In recent years many business processes have become more interconnected than ever before. Driven by the advance of the Internet of Things, companies rely on complex data processing chains that span over many collaborating corporations and across different countries. As a result of this development, automated data acquisition and collaborative data usage is now a foundation of many innovative and successful business models. However, despite having a clear interest in sharing valuable data with other stakeholders, data owners simultaneously need to protect their assets against illegitimate use. In order to accommodate this requirement, existing data sharing solutions contain usage control systems capable of enforcing policies on data even after they have been shared. The integrity of these policy enforcement components is often monitored by a trusted platform module (TPM) on the data receiver’s side. In this work we evaluate the adequacy of TPM-based remote attestation for protecting shared data on foreign systems. In order to do so we develop an attacker model that includes privileged system users and expose attack vectors on TPM-protected data sharing applications. We show that TPMs do not provide sufficient protection against malicious administrators from competing stakeholders. Finally, we describe the advantages of using Intel’s Software Guard Extensions (SGX) to protect shared data in hostile environments and propose an enhanced system architecture that includes both SGX enclaves as well as a classical TPM.