HAP Technology Overview:
Trusted Computing Technologies Used in the High Assurance Platform
Today, a variety of commercial products make limited use of Trusted Computing technologies, but few secure, integrated platforms exist. The HAP Program combined a comprehensive set of Trusted Computing technologies to create secure HAP workstations and networked enterprise environments. These reference implementations use hardware and software technologies to dramatically improve workstation and network security. Some of the Trusted Computing technologies and techniques that were included in the HAP framework are outlined below:
1) Hardware-based Root of Trust: HAP relies on the Trusted Platform Module (TPM), an implicitly trusted hardware component, to store encryption keys and system measurements and protect against software-based attacks.
2) Device Measurement: The identity and integrity of each hardware and software system component are measured and verified before passing control.
3) Measurement Monitoring: Verifiable reports of a device's identity and current configuration are transmitted to the network, where decisions are made governing network access and device disposition. No unknown or noncompliant devices are allowed on the network.
4) Long Term Protected Storage: Hardware-based full disk encryption ensures that data is secure, even if drives are removed from workstations.
5) Process Separation: HAP uses hardware- and software-secured virtualization to separate user processes from supervisor processes. Secure domain separation enables multiple security domains to be hosted on a common computing platform base with no unintended interaction.
6) Program Isolation: HAP uses guest partitions like virtualization or separation kernels to separate applications from one another. Code, Data and Resources associated with Process A are unavailable to Process B.
Date Posted: Jan 3, 2011 | Last Modified: Jun 8, 2012 | Last Reviewed: Jun 8, 2012