Enjoy!

There will be a number of talks from various experts with relationships with the Trusted Computing Group, so expect the TCG’s Opal full disk encryption standard to feature, with particular reference to how the standard may be applied to the solid state world.

I agree with most of his criticisms, and I’ve chucked in my two cents. Please pay him a visit too.

The joint prototype will run on readily available N900 mobile hardware and integrate the Sirrix Turaya Security Kernel (encryption, VPN, MTM/attestation, and trusted GUI) with the OK Labs OKL4 Microvisor to host the Sirrix Trusted Mobile Desktop alongside Android, Linux, and other guest operating systems in OKL4 secure cells.

The N900 is Nokia’s Maemo-based mobile computer that can make phone calls.

The new platform was displayed at Trust 2010: the Third International Conference on Trust and Trustworthy Computing in Berlin, June 21-23, where Sirrix also presented a paper entitled "Toward a Trusted Mobile Desktop" describing their research.

Oh! I just noticed that they include MTM/Attestation! With a bit of luck, I’ll be at Trust 2011 where I hope I can see a finished product.

In the envisioned identity ecosystem individuals, organizations, services, and devices would be able to trust each other because authoritative sources establish and authenticate their digital identities.

At the consumer end, the trusted identity may be held in smart cards, USB drives, mobile devices, software certificates or Trusted Platform Modules. (The article uses the phrase "trusted computing module", which when capitalised is actually the Chinese version of a TPM, but let’s ignore that!)

It’s an interesting article and well worth reading, as is a related post on the official White House blog.

One of the conclusions of the in-depth analysis was that unlike software encryption, the performance of SEDs was comparable to standard drives in all cases. As a result, “there is simply no incentive for users to remove or bypass the encryption, even if it were possible.”

This chapter provides an overview of a few hardware security architectures (in handsets) to introduce the reader to the problem domain. The main focus of the text is in introducing the MTM specification – by first presenting its main functional concepts, and then by adapting it to one of the hardware architectures first described, essentially presenting a plausible practical deployment. The author also presents a brief security analysis of the MTM component, and a few novel ideas regarding how the (mobile) trusted module can be extended, and be made more versatile.

I’ve placed a request for this book in our office library, as the preface sounds like there’s a lot of interesting coverage of the current state of the art in Trusted Computing.

Bunker-V is focused on reducing the TCB [Trusted Computing Base] attack surface by minimizing the interface between the TCB and guest VMs by eliminating unnecessary virtual devices. Microsoft says that this approach can reduce the TCB by 79% while retaining high performance for legacy OSes.

Seems to be a topic that is worth following.

• A PhD in a discipline relevant to information security.
• Experience of security management in large organisations.
• Deep knowledge of at least one area of significance to security management, e.g. network security, economics of security, systems architecture, trusted computing, operating system security, security policy, privacy, security of distributed systems, security modelling, information security, threats.
• Strong communication skills.

I know a couple of the guys at HP Bristol and I’ve read papers by a few others of them, so I think it would be a pretty awesome place to work; if I was in the UK I’d be sorely tempted to apply.