Information Assurance Menu

Skip Search Box

HAP Technology Overview:

Trusted Computing Technologies Used in the High Assurance Platform

Today, a variety of commercial products make limited use of Trusted Computing technologies, but few secure, integrated platforms exist. The HAP Program combined a comprehensive set of Trusted Computing technologies to create secure HAP workstations and networked enterprise environments. These reference implementations use hardware and software technologies to dramatically improve workstation and network security. Some of the Trusted Computing technologies and techniques that were included in the HAP framework are outlined below:

Picture Depicting the Trusted Platform Module (TPM)1) Hardware-based Root of Trust: HAP relies on the Trusted Platform Module (TPM), an implicitly trusted hardware component, to store encryption keys and system measurements and protect against software-based attacks.

Diagram Depicting the Trusted Platform Module (TPM) Device Measurement2) Device Measurement: The identity and integrity of each hardware and software system component are measured and verified before passing control.

3) Measurement Monitoring: Diagram Depicting Measurement MonitoringVerifiable reports of a device's identity and current configuration are transmitted to the network, where decisions are made governing network access and device disposition. No unknown or noncompliant devices are allowed on the network.

Diagram Depicting the Long Term Protected Storage4) Long Term Protected Storage: Hardware-based full disk encryption ensures that data is secure, even if drives are removed from workstations.

Diagram Depicting the Process Separation5) Process Separation: HAP uses hardware- and software-secured virtualization to separate user processes from supervisor processes. Secure domain separation enables multiple security domains to be hosted on a common computing platform base with no unintended interaction.

6) Program Isolation: HAP uses guest partitions like virtualization or separation kernels to separate applications from one another. Code, Data and Resources associated with Process A are unavailable to Process B.


Date Posted: Jan 3, 2011 | Last Modified: Jun 8, 2012 | Last Reviewed: Jun 8, 2012