"Turaya.Crypt" and "Turaya.VPN", two systems based on the first trustworthy open source security platform supporting Trusted Computing functionality, are now available for download.
The platform provides isolation of different processes by means of a virtualization layer. Thus, secure applications can be run in parallel to a conventional, insecure operating system.
The European Multilaterally Secure Computing Base (EMSCB) consortium provides the source code at their web site (URL below). The technology is communicated under the name "Turaya". A bootable CD-image with demonstrators of the device encryption module "Turaya.Crypt" and the secure VPN application "Turaya.VPN" can be downloaded as well.
The security platform supports Trusted Computing technology and implements highly secure functionality in a trustworthy way. By means of a virtualization layer, processes can be isolated from each other. For example, an insecure operating system can be run in parallel to secure applications. The platform is based on an L4-microkernel. Currently, the operating system that runs on the security kernel is Linux.
The security platform renders highly secure applications possible. Its Trusted Computing technology enables the authentication of not only users, but also platforms. Important files and passwords can be saved outside the insecure operating system. Conventional threats, like worms, viruses or trojan horses are reduced to a minimum or even completely prevented.
Examples of applications are secure web services like online banking, and applications that require the enforcement of security policies (Enterprise Rights Management), e.g., a secure document management service (4th milestone, 2007). The upcoming milestones are developed in cooperation with SAP and Bosch/Blaupunkt.
The EMSCB group, a consortium of German universities and companies, partly funded by the German Federal Ministry of Economics and Technology, is developing a trustworthy, fair and open security platform. The aim is an open security architecture based on Trusted Computing technology which is compatible with existing, conventional operating systems, but at the same time eliminates their inherent threats.
The architecture provides a basis for the realization of security-critical applications and serves as a standardized technology for the German industry for the development of new innovative products for PC and server based platforms, embedded systems and mobile devices. Thus, the German IT industry can be independent from foreign monopolists and improve their international position.
[The illusion that TCPA, or whatever they call it today, can make computing more secure has already been dealt with in ISB. It can be used to further curb consumers' rights through restrictive DRM of course, and it can be used to further deter democracy - especially in the workplace - by preventing whistleblowing and journalistic insight into documents that (corporate or government) conspirators would rather keep secret. This technology is anti-democratic and should be rejected on political grounds.
I do recommend visiting the Turaya web site though - it's one of the tabs that is permanently open in my Firefox. --Ed].
Related links: (Open in a new window.)
www.emscb.org
Taken from Information Security Bulletin.