
Report on 1st Asia-Pacific Summer School on Trusted Infrastructure Technologies (APTISS’07)

2007-12-31, Wenbo Mao (毛文波)
Zhongguancun (中關村), 2007, Issue 9

Our banner in the hotel lobby

The 1st Asia-Pacific Summer School on Trusted Infrastructure Technologies (APTISS'07) was held during the week of August 20-24, at the International Conference Center Hotel, City of ZhuHai, GuangDong Province, China.

Altogether 100 people participated in the School, including 64 fully sponsored graduate students from universities and academic institutes all over China who are researching in related areas. The School organized a program of 15 lectures given by world-renowned academic researchers in the area, guru architects from the standard specification body, the Trusted Computing Group, and the industry's leading developers. All participants, including the lecturers, reckoned that the program covered a broad spectrum of topics (described in more detail in "Main Course" below).

The "Main Course"

Monday, August 20, 2007

Opening Addresses

The Organization Committee Members addressed the opening of the School. Dr Wenbo Mao of EMC Research China opened the School with an introduction to the background and the organization of the School. Professor Hideki Imai of Japanese National Institute of Advanced Science and Technology made a welcome address with an introduction to JAIST. Mr Richard Brown of HP Labs Bristol made a welcome address as the major sponsor with an introduction to the security research program conducted at Hewlett-Packard Laboratories. Finally, Mr Qiou Shi, the head of the Technology Commission, the municipal government of ZhuHai, welcomed the participants to ZhuHai and wished the School success.

Lesson 1: "Trusted Computing Fundamentals" by Graeme Proudler (Hewlett-Packard Laboratories, Bristol)

This is an introduction to Trusted Computing for students who are entering the area for the first time. As on many past occasions when Graeme has given this talk, the original TCG visions and notions had to be introduced (the exact meaning of "Trust", Trusted Platform Module, Roots-of-Trust, Platform Measurement, Attestation, etc). However, this time Graeme made an unusual reference to "Virtualization" using "HyperVisor" or "Virtual Machine Monitor (VMM)" techniques. This proved to be an important introduction: this Summer School put a significant emphasis on virtualization techniques. In the rest of the week, "hypervisor" and "VMM" were used almost as frequently as "Root of Trust", "TPM", "Platform Configuration Register (PCR)", or "Attestation". One important point that Graeme managed to get across to the audience is the exact meaning of trust in Trusted Computing: "it's a conformed behavior that a computing platform is expected to stick to, nothing to do with whether the behavior is good or bad".

The School was quite interactive from Lesson 1 onwards: one notion that was much discussed during Graeme's talk was whether there is a need for a platform certificate on top of a TPM certificate. This need seemed not to be well understood by the student who raised the question in Lesson 1, even after much on-line discussion. However, in the later lectures this need gradually became apparent and seemed to be accepted. Live discussions in conference sessions are not usual for many Chinese students, most of whom have attended only national conferences in China. However, as the School lectures were conducted with deliberate on-line discussions, many students tried to be very active, and they expressed their appreciation of this way of conducting the School.

Lesson 2: "Innovative Applications of Trusted Computing Platform" by Professor Robert Deng (Singapore Management University)

In this talk Prof Deng described three very interesting applications of Trusted Computing in cryptographic protocols. Many fascinating problems already have cryptographic protocol solutions. One example is Private Information Retrieval (PIR), a cryptographic protocol between a database querier and the database server in which the querier retrieves a data entry without the server knowing which entry it is. So far, the cryptographic protocol solutions for PIR are all so costly in computation or communication bandwidth that they make a PIR service impractical. Prof Deng described how, assuming a Trusted Computing Base (TCB) running at the server, one can design a much simpler and more practical PIR protocol. Besides PIR, Prof Deng also illustrated two other interesting cryptographic applications.

Lesson 3: "Trusted Computing Group Presentation" by Graeme Proudler (Chair of TCG Technical Committee)

Now Graeme put on his other hat as the Chair of the TCG Technical Committee. This was another good introductory talk, very suitable for students studying or researching in various areas of IT security. The talk covered the history and background of TCG, its mission, structure, charter, development, coverage of technology areas, way of operation, and an update on TCG's plans for future work. Graeme also introduced TCG's academic program: an academic establishment (e.g., a university department) can become a member and contribute to the TCG standardization process without paying the membership fee which TCG demands of an industry participant.

Lesson 4: "Building Trust on the Internet via Global Collaboration" by Professor Sihan Qing (Chinese Academy of Sciences)

Prof Qing presented his involvement with the United Nations on the topic of building trust on the Internet via global collaboration. His talk had four parts: (1) the current status of Internet applications and their security concerns; (2) building trust on the Internet via global collaboration; (3) some important technical issues; (4) China's contribution to the development of information security standards. In the fourth part, Prof Qing briefly introduced the "China Information Security Standardization Technical Committee" (TC260 for short). TC260 was established in April 2002 with a mission to edit, evaluate and approve national information security standards. The standardization of Trusted Computing Technology in China is also conducted under TC260, which has successfully organized the International Trusted Computing Seminar jointly with TCG.

Tuesday, August 21, 2007

Lesson 5: "Trusted Execution Technologies via Late Launch of Secure Enter" by Dr David Grawrock (Senior Principal Engineer, Lead Security Architect, Intel)

Intel's "Trusted Execution Technologies" (TXT), formerly known as "LaGrande Technology" (LT), is widely regarded as a "major thing" for making the Trusted Computing vision of TCG really work. This technology is a brainchild of David and his colleagues at Intel, and therefore David's talk was much desired by the organizers of the School. David conducted the lecture in a very interactive fashion: he kept asking questions, which was a bit of a challenge for many Chinese students, as this way of teaching is not usual in the Chinese education system. Gradually the students "got educated" and became interactive (in particular, a few students working on the Daonity project started to ask more and more questions, and they remained actively interactive for the rest of the week).

The central technical point of TXT is how to launch a platform such that the software code of the Trusted Computing Base (TCB) is authenticated and recorded inside a PCR in the TPM. As Graeme had helped to establish in Lesson 1, it is now widely agreed that this software TCB should be a hypervisor in the virtualization technology. Considering that the hypervisor is not the first software in the boot sequence (below/before it there are, e.g., the BIOS, Master Boot Record and an OS Loader), how can the hypervisor be a TCB when it is booted by the non-TCB software below it? Late Launch is Intel's solution to this problem. Intel made a change to the CPU (a platform's few kernel hardware devices, such as CPU and memory, are considered TCB): it contains a platform specific RSA public key whose role is to authenticate the hypervisor. The term "Late Launch" refers to the following technical point: the usual, or "early", launch of the platform is only for letting the hypervisor make its way to the CPU; once the hypervisor is authenticated by the CPU, the platform launches a second time to load the hypervisor into memory and have its measurement recorded into the TPM (in a special PCR). Possibly malicious early launch code cannot cause a non-bona-fide hypervisor to be launched in the later launch stage. The Late Launch code is also called "Secure Enter (SEnter)". David told us that Intel was to ship the new CPU in the week of the Summer School.

A whole morning session proved to be too short for David's lesson (David said "I could talk on this topic the whole week"). As the intrigued audience wanted to know a lot more detail, David had to continue the course on Wednesday morning, thanks to Dr Tuomas Aura of Microsoft giving way to David for half of his allocated time.
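The measurement side of Late Launch described in Lesson 5 can be sketched as follows. This is an added example, not code from the lecture or from Intel: it is a simplified model with one static PCR and one "special" PCR, it omits the CPU's signature check on the hypervisor, and it assumes the TPM v1.2 convention that the special PCR reads all-ones until the CPU resets it during a late launch. All component names are constructed stand-ins.

```python
import hashlib

PCR_LEN = 20                       # SHA-1 sized PCRs, as in TPM v1.2
ZERO, ONES = b"\x00" * PCR_LEN, b"\xff" * PCR_LEN

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(component)). A PCR cannot be set directly."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

class ToyTPM:
    """Simplified model with one static PCR and one late-launch ("special") PCR."""
    def __init__(self):
        self.static_pcr = ZERO     # accumulates the early-launch chain
        self.dynamic_pcr = ONES    # assumed all-ones until the CPU performs a late launch

    def measure_early(self, component: bytes) -> None:
        self.static_pcr = extend(self.static_pcr, component)

    def software_extend_dynamic(self, component: bytes) -> None:
        # Ordinary software may extend the special PCR but cannot reset it.
        self.dynamic_pcr = extend(self.dynamic_pcr, component)

    def late_launch(self, hypervisor: bytes) -> None:
        # Modelled as a CPU-initiated event: reset to zero, then measure the hypervisor.
        self.dynamic_pcr = extend(ZERO, hypervisor)

def boot(early_chain, hypervisor, late=True) -> ToyTPM:
    tpm = ToyTPM()
    for component in early_chain:
        tpm.measure_early(component)
    if late:
        tpm.late_launch(hypervisor)
    return tpm

def verifier_accepts(tpm: ToyTPM, known_good_hypervisor: bytes) -> bool:
    """Attestation check: compare the special PCR with the expected value."""
    return tpm.dynamic_pcr == extend(ZERO, known_good_hypervisor)

# Constructed sample inputs (stand-ins for real code images).
GOOD_CHAIN = [b"BIOS", b"MBR", b"OS loader"]
BAD_CHAIN = [b"BIOS", b"MBR (modified)", b"OS loader"]
HYPERVISOR = b"hypervisor image v1"

if __name__ == "__main__":
    clean, dirty = boot(GOOD_CHAIN, HYPERVISOR), boot(BAD_CHAIN, HYPERVISOR)
    print("static PCRs differ:", clean.static_pcr != dirty.static_pcr)
    print("special PCR unaffected:", clean.dynamic_pcr == dirty.dynamic_pcr)
    print("modified hypervisor accepted:",
          verifier_accepts(boot(GOOD_CHAIN, b"modified hypervisor"), HYPERVISOR))
    faked = boot(BAD_CHAIN, HYPERVISOR, late=False)
    faked.software_extend_dynamic(HYPERVISOR)
    print("no late launch accepted:", verifier_accepts(faked, HYPERVISOR))
```

In this model a modified early boot chain changes only the static PCR, while a modified hypervisor, or a platform that never performed the late launch, fails the verifier's comparison on the special PCR.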

Lesson 6: "Trusted Full Disk Encryption Solution" by Dr Zi Wang (Sinosun Technology Ltd)

Sinosun is a Trusted Computing solution developer in China (headquartered in ShenZhen with offices in Beijing and Taipei). It is also a TCG member. In early 2005 Sinosun launched its own fabrication of TPM v1.2 chip.

In this talk, Dr Wang described a serious application of Trusted Computing developed by Sinosun: a full disk encryption (FDE) system. This FDE system is fully compatible with the TPM Specification Version 1.2. It conducts real-time full storage disk encryption in a transparent manner without any performance loss. The TPM is used for key management, and hence, unless the legitimate user enables the TPM, a full disk of encrypted data is useless to an attacker.

Lesson 7: "Japanese Industry Trusted Computing Activities" by Dr Hisanori Mishima (Hitachi)

In this talk, Dr Mishima provided a full description of the Japanese industry Trusted Computing activities led by the Japanese Trusted Computing Committee (JTCC), which is organized under the Japan Electronics and Information Technology Industries Association (JEITA) with funding support from a government agency, METI. JTCC has envisioned many TPM applications, ranging from "measure of information leaks", "device authentication" and "Grid computing in safe environment" to "application of attestation to e-commerce and web services". Dr Mishima also described a METI project targeting a medical application which applies Trusted Computing.

Lesson 8: "Trusted Computing on Linux: Tweaks and Tips" by Dr Seiji Munetoh (IBM Research, Japan)

Given that TCG is a standard in development, the Trusted Software Stack (TSS) realized so far may be developed further, may have new features added, or may even contain bugs and hence need patching. Dr Munetoh described IBM's solutions to these problems. He also gave a demo of a realization on the Linux platform.

Lesson 9: "Trusted Computing Technology: the trend in China", by Dr XingJian Zhang (Jetway Ltd)

Jetway is another Trusted Computing solution developer and technology provider in China (headquartered in WuHan with offices in Beijing, Shanghai, Hong Kong and GuangZhou). It is known that Jetway is the first company in China to work on Trusted Computing technology (as early as 2001). In 2004 Jetway shipped its Secured PCs which are secured by its own designed TPM.

Dr Zhang's talk was in two parts. In part 1 he provided a good overview of Jetway's technical offerings. Part 2 was a comprehensive plan for future development which seems to follow the Chinese government led strategy in trusted infrastructure technologies. This second part aroused great interest among many international participants. Some of them commented that the Chinese government's plan "is not seen in comparability of scale and ambition by any other nation". For the whole half-hour coffee break after his talk, Dr Zhang was surrounded by several international participants discussing his talk.

Lesson 10: "Trusted Infrastructure Technology" by Professor Vijay Varadharajan (Macquarie University, Australia)

Prof Varadharajan presented his team's research activities in this area. His research features the following proposition: there are two notions of trust, a hard notion which is based on certification, PKI and the use of hardware (such as the TPM), and a soft notion which is based on the sociological practice of reputation establishment and introduction management (e.g., the trust ring calculus in Pretty Good Privacy). Somehow, so far the hard notion does not work as well as the soft notion. He suggests researching how to combine these two notions.

Wednesday, August 22, 2007

Lesson 11: "BitLocker Drive Encryption" by Dr Tuomas Aura (Microsoft Research, Cambridge, UK)

Tuomas presented Microsoft's BitLocker full disk drive encryption system. This system is mainly intended to protect against information leakage, e.g., from a lost laptop. He argued the necessity of full disk drive encryption and made comparisons with some previous solutions, in particular a previous Microsoft solution, Encrypting File System (EFS). These previous solutions have a number of problems which one may not sufficiently anticipate. The hibernation process in Windows causes one such problem: it stores the memory content in a hibernation file which is never encrypted. Only a full disk encryption solution can overcome this problem. BitLocker is such a solution: it not only applies TCG technologies but, because it sits under Windows, also systematically repairs trickier holes such as the hibernation file. Tuomas discussed a number of technical details to a non-trivial extent, including key management, software measurement, secure boot, and backup for data recovery.

Lesson 12: "OpenTC---An Open Approach to Trusted Computing" by Dirk Kuhlmann (HP Labs Bristol, Chair of OpenTC Consortium)

OpenTC is a European Union funded project researching open-source approaches to Trusted Computing technologies. The project includes 23 partners, among them strong players from industry: AMD, Infineon, HP, IBM, SuSE/Novell (Intel is in the loop via cooperation with Cambridge University), and from academia: University of Cambridge (XEN), Universities Dresden and Bochum. The project duration is 36 / 42 months, commencing in December 2005. In his talk, Dirk put much emphasis on open source based virtualization work. In OpenTC, the virtualization work features virtualizing the TPM, i.e., there can be multiple vTPMs, each inside a virtual OS sitting above a virtual machine monitor which is in turn measured by the real TPM of the hardware platform. This is certainly an interesting feature. The virtualization work in OpenTC utilizes the open source virtual machine monitors XEN and L4.

Lesson 13: "Towards Trusted Grid Components" by Dr Andrew Martin (Oxford University, UK)

Andrew provided a good overview of grid computing and the grid security problem. On grid computing, Andrew used many real examples to argue that the grid is not only a way of doing high performance computing; it is also collaborative scientific work on a tremendously large scale (e.g., climateprediction.net, a computational grid). Moreover, the grid is not only a way of sharing resources in the usual sense; it is also a new way of sharing knowledge for collaborative research (e.g., sharing hospital X-ray photos in a UK eScience project "e-DiaMoND", which is a data grid). On grid security, Andrew made a thorough analysis using a campus grid, Condor. This included the trust model, trust identities and relations among the Condor components, and trusted isolation issues. Andrew's talk helped my talk on grid security on Friday very much, in that it served as a great introduction to the need for grid security and the fact of its inadequacy today.

Wednesday Evening: "Business Meeting" by these people:

We discussed many things. Most were about having a sequel next year (please be warned, nothing is official). If we have a 2nd APTISS, it is likely still to be held in China as "this is the readiest place for this forum, in many ways ..." However, in the next one we shall aim to sponsor students from the true AP area (this year all students were from China).

Thursday, August 23, 2007: Day Excursion Cruise around Macao Island, ShiJingShan Park (the neckwrecking go-cart experience is still vivid!!!) Somebody with more photos please upload to here, thanks!

Friday, August 24, 2007

Lesson 14: "..." by Prof Ahmad-Reza Sadeghi (University of Bochum, Germany)

To add soon.

Lesson 15: "Daoli (道里): Grid Security via Two Levels of Virtualization" by Wenbo Mao (EMC Research China)

While I could jot down what the other lecturers presented in the School, I couldn't do so for my own. Hence let me instead place the abstract of my talk below. But hang on for a second! I do remember I only presented half the talk. The other half---OS level virtualization---was presented by Haibo Chen, a Daoli project student of Fudan University. Haibo provided many technical details and answered some deep questions.

Abstract:

Ideally a grid is a virtual machine or virtual organization (VO) of unbounded computational and storage capacity built by pooling heterogeneous resources from real organizations (lessors). Currently such grids are only seen in scientific or academic communities. To maximally utilize their resources, commercial enterprises, like resource-abundant financial institutions, should "go for grid," and become lessors. Inadequate grid security currently prevents commercial organizations with under-utilized resources from being lessors. A missing security service is behavior conformity: VO code mustn't damage the lessor, and conversely, the lessor mustn't compromise the VO's proprietary information.

Project Daoli strengthens grid security by adding behavior conformity in three levels of virtualization with software components to be tamper-protected by TCG technologies. At the OS level, the protected component is a highly-privileged hypervisor that intercepts interrupts for memory isolation and persistent storage protection. At the application level, the component is a grid application plus protected data. A third level of virtualization, which is realized by grid middleware, enables one piece of code to run across the VO’s heterogeneous environment; policy enforcement is achieved simply by propagating this code with the protective credential being migrated along the TCG-technology enabled platforms.
