Cloned Trusted Platforms for Privacy

Recent developments related to the legal and social aspects of privacy issues call for technical measures enforcing strict restrictions and requirements on the collection, use and disclosure of personal data. Trusted systems can be used for secure storage of sensitive data.

Once a system state is defined as a trusted state and the system is set up to this state, its security characteristics can be transferred to a system clone that is composed of identical software (boot chain components, operating system, and applications) and matching hardware.

Applications using cloned trusted platforms include

– Database synchronization: database management systems that offer restricted access to their databases. Further, the database can be synchronized and backed up without administrators needing low-level table access.

– Parallel computing: clustering synchronous trusted servers increases throughput and reduces response time compared to stand-alone servers.

– Enforcing restrictions expressed through rights expression languages (RELs) across systems: a REL description might require the system to restrict access and maintain a state (e.g. a maximum of n queries are permitted on a database in order to prevent illegitimate database duplication). This state needs to be distributed across physical systems in a way that keeps the one logical system consistent (e.g. set up 2 physical systems that allow n=2 requests each until the next synchronization takes place).

The implementation of any of the above projects requires an efficient and reliable remote attestation scheme.
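As an added illustration (not code from the original post or the DaPriM project), the following toy model combines the two ideas above: a clone joins the logical system only if its reported measurements match the reference trusted state, and the REL query limit n is split across the admitted clones and re-split at each synchronization. Component names, digests and the simplified attestation check are constructed assumptions; a real scheme would verify a signed attestation quote.

```python
import hashlib
from dataclasses import dataclass

# Constructed reference measurements of the trusted state: component -> digest.
REFERENCE_STATE = {
    "bootloader": hashlib.sha256(b"bootloader-v1").hexdigest(),
    "kernel": hashlib.sha256(b"kernel-v1").hexdigest(),
    "dbms": hashlib.sha256(b"dbms-v1").hexdigest(),
}


def attest(report: dict) -> bool:
    """Simplified attestation (assumption): the report must list exactly the
    reference components with identical digests."""
    return report == REFERENCE_STATE


@dataclass
class Clone:
    name: str
    report: dict
    remaining: int = 0  # local share of the REL query limit

    def query(self) -> bool:
        # Serve one query only while the local share lasts.
        if self.remaining <= 0:
            return False
        self.remaining -= 1
        return True


class LogicalSystem:
    """n queries are permitted on the logical system; the limit is split evenly
    across attested clones and re-split at every synchronization."""

    def __init__(self, n: int):
        self.pool = n  # budget not yet handed out to any clone
        self.clones: list[Clone] = []

    def admit(self, clone: Clone) -> bool:
        if not attest(clone.report):
            return False  # a clone outside the trusted state gets no share of the state
        self.clones.append(clone)
        return True

    def synchronize(self) -> int:
        """Reclaim unused local shares, re-split them evenly; return the global total."""
        if not self.clones:
            return self.pool
        self.pool += sum(c.remaining for c in self.clones)
        share = self.pool // len(self.clones)
        for c in self.clones:
            c.remaining = share
        self.pool -= share * len(self.clones)
        return self.pool + share * len(self.clones)
```

With n=4 and two attested clones, each clone serves two queries before its local share is exhausted; the next synchronization redistributes whatever budget is still unused.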

This entry was posted in DaPriM.