A Framework for Controlled Key Release


Student Name: Logan Schmalz
Defense Date:
Location: Nichols Hall, Room 246 (Executive Conference Room)
Chair: Perry Alexander

Drew Davidson

Sankha Guria

Abstract:

Modern security relies heavily on public key cryptography, and private keys and secrets in general must be protected from attackers. Against a highly capable adversary it is ideal to store secrets outside of main memory, which is easy on general-purpose systems with the now widely available Trusted Platform Module (TPM) 2.0. However, the lack of integration between the TPM and the OS makes protecting secrets with automated availability needs difficult. We develop a strategy to authenticate OS entities and protect TPM-stored secrets without restricting access to the TPM, using standard features available on Linux: SELinux, Integrity Measurement Architecture (IMA), Extended Verification Module (EVM), and Linux Unified Key Setup (LUKS).

Degree: MS Thesis Defense (CS)
Degree Type: MS Thesis Defense
Degree Field: Computer Science