trusted computing

Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications. Several major hardware manufacturers and software vendors, collectively known as the Trusted Computing Group (TCG), are cooperating in this venture and have come up with specific plans. The TCG develops and promotes specifications for the protection of computer resources from threats posed by malicious entities without infringing on the rights of end users.

Microsoft defines trusted computing by breaking it down into four technologies, all of which require the use of new or improved hardware at the personal computer (PC) level:

• Memory curtaining -- prevents programs from inappropriately reading from or writing to each other's memory.
• Secure input/output (I/O) -- addresses threats from spyware such as keyloggers and programs that capture the contents of a display.
• Sealed storage -- allows computers to securely store encryption keys and other critical data.
• Remote attestation -- detects unauthorized changes to software by generating encrypted certificates for all applications on a PC.

In order to be effective, these measures must be supported by advances and refinements in the software and operating systems (OSs) that PCs use.

Within the larger realm of trusted computing, the trusted computing base (TCB) encompasses everything in a computing system that provides a secure environment. This includes the OS and its standard security mechanisms, computer hardware, physical locations, network resources and prescribed procedures.

The term trusted PC refers to the industry ideal of a PC with built-in security mechanisms that place minimal reliance on the end user to keep the machine and its peripheral devices secure. The intent is that, once effective mechanisms are built into hardware, computer security will be less dependent on the vigilance of individual users and network administrators than it has historically been. Concerns have arisen, however, about possible loss of user privacy and autonomy as a result of such changes.

Read more about trusted computing: - The Electronic Frontier Foundation discusses the promise and risk of trusted computing. - Shane Rau outlines requirements, benefits and market trends relevant to trusted computing. - Roger L. Kay explains how trusted computing can be implemented. - Information about the status of trusted computing can be found at the Trusted Computing Group Web site.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT How to get information security buy-in from the executive team When pitching security to the big bosses, it's important to brush up on public-speaking skills and lay out the case in advance. Mike Rothman gives his... Sound compliance policies, practices reduce legal costs Results of a recent survey show that if large enterprises adhere to compliance best practices, they can significantly trim what they spend on legal... Can home PCs provide a way for viruses and spyware to enter a corporate LAN? When considering allowing remote access to a corporate LAN, security concerns are paramount, especially when corporate security pros have no control...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Honeynet Project  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user......