Trusted Computing

The idea of trusted computing is to provide security functions with which one computer system can establish and evaluate trust in another computer system within a distributed computing environment. In practice, trusted computing often refers to using a hardware security module for certain basic security functions (for example, measuring the loaded software and attesting to those measurements) in order to establish higher-order security properties. One example of such a module is the Trusted Platform Module (TPM), as specified by the Trusted Computing Group (TCG). However, trusted computing consists of more than just the specifications of the TCG: it is a concept that can be realized with many different techniques and technologies. Most of my research was in this field, and it is still the main source of ideas, techniques and concepts I draw from when designing applied systems in practice.

Trusted Virtual Domains

TVD for L4

TVD for OpenSolaris


Trusted Password Wallet

One of my research projects during my PhD studies was TruWallet, a wallet-based web authentication security architecture. It uses a password wallet to store login information for web sites and a security kernel with trusted computing support to provide a secure and isolated execution environment for the wallet. The protected execution environment prevents malware or other unauthorized software from reading the passwords from the wallet database. The wallet itself verifies the legitimacy of web sites and automatically inserts the login credentials on behalf of the user. Hence, the user neither has to check web sites nor remember the passwords for all the web sites and accounts they use.
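As an added example (not TruWallet's own code), the following Go program shows the property the wallet relies on: each credential is bound to a hostname and is released only after the certificate the site presents verifies, for that exact name, against the roots the wallet trusts. The check is Go's crypto/x509 chain verification; the in-memory CA, the hostnames bank.example and bank-login.example, the stored credential and the modelling of the wallet's isolation as an unexported store are all constructed for this demonstration, and the page itself does not specify how TruWallet identifies a site.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Credential is one stored login; it leaves the wallet only through Login.
type Credential struct{ Username, Password string }

// Wallet holds credentials keyed by the hostname they belong to. TruWallet runs
// in an isolated compartment; here that is modelled only by the unexported store.
type Wallet struct {
	roots *x509.CertPool
	store map[string]Credential
}

func NewWallet(roots *x509.CertPool, creds map[string]Credential) *Wallet {
	return &Wallet{roots: roots, store: creds}
}

// Login releases the credential for host only after the certificate the site
// presented verifies against the wallet's trusted roots for that exact hostname
// (intermediates omitted). A look-alike host or an untrusted certificate gets nothing.
func (w *Wallet) Login(host string, cert *x509.Certificate) (Credential, error) {
	if _, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: w.roots}); err != nil {
		return Credential{}, fmt.Errorf("site %q not verified: %w", host, err)
	}
	c, ok := w.store[host]
	if !ok {
		return Credential{}, fmt.Errorf("no credential stored for %q", host)
	}
	return c, nil
}

// Constructed in-memory PKI for the scenario below (demo code, so it panics on error).
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with signer; passing tmpl itself as parent makes it self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

func leafTmpl(serial int64, host string, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// RunScenario builds a throwaway CA trusted by the wallet, a genuine certificate
// for bank.example and a self-signed one for the look-alike bank-login.example, then
// tries the genuine site, the look-alike, and the look-alike replaying the genuine
// certificate. Only the first attempt should get a credential.
func RunScenario() (legitUser string, legitErr, phishErr, wrongHostErr error) {
	now := time.Now()
	caKey, siteKey, phishKey := newKey(), newKey(), newKey()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Wallet Demo CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	site := issue(leafTmpl(2, "bank.example", now), ca, &siteKey.PublicKey, caKey)
	phishTmpl := leafTmpl(3, "bank-login.example", now)
	phish := issue(phishTmpl, phishTmpl, &phishKey.PublicKey, phishKey) // no trusted issuer
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	w := NewWallet(roots, map[string]Credential{"bank.example": {"alice", "correct horse battery staple"}})
	c, err := w.Login("bank.example", site)
	legitUser, legitErr = c.Username, err
	_, phishErr = w.Login("bank-login.example", phish)
	_, wrongHostErr = w.Login("bank-login.example", site)
	return
}

func main() {
	u, e1, e2, e3 := RunScenario()
	fmt.Printf("genuine site: user=%q err=%v\nlook-alike, self-signed: %v\ngenuine cert on wrong host: %v\n", u, e1, e2, e3)
}
```

The point of the third case is that a relayed, perfectly valid certificate still does not help a phisher: the wallet matches the certificate against the host the user actually navigated to, not against whatever the page claims to be.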

Uni-directional Trusted Path

Another research topic was the question whether a trusted path between a system and a user has to be bidirectional for all use cases, i.e., authenticating the system to the user and authenticating the user to the system. The answer is no: there are use cases that allow a uni-directional trusted path (UTP), just from the user to the system. I did this research together with Jonathan McCune, and Atanas Filyanov helped to implement it. We identified use cases such as transaction confirmation in online purchases or CAPTCHAs as possible applications.


The UTP approach allows users to confirm a transaction without requiring them to know whether the application they are interacting with is actually trustworthy. We use trusted computing features for remote attestation and isolated code execution (our prototype used Intel TXT and a TPM). We leverage these mechanisms to establish a "one-way" trusted path that allows service providers to gain assurance that users' transactions were indeed submitted by a human operating the computer, instead of by malware such as transaction generators.


In the UTP design, a trusted confirmation and (optionally) authentication agent executes in CPU-provided isolation. The trusted computing base (TCB) of the trusted agent is remarkably small (just a few thousand lines of code), and the approach remains compatible with users' existing operating system and application environments.

When the client requests an action from the server that requires a confirmation of the user's intent, the server establishes the uni-directional trusted path by sending a message to the client. The untrusted client program invokes the execution of the UTP Agent in the CPU's secure execution mode. The UTP Agent displays the message provided by the server (e.g., a transaction summary) to the user. Once the user has viewed and confirmed the message, the UTP Agent assembles the necessary data to generate a cryptographically secured attestation that these events happened while in the secure execution mode. The attestation data is sent to the server, and the server can verify whether the data was processed in the secure CPU mode. If the verification succeeds, the server knows that a uni-directional trusted path to the human user has been established and that the transaction can be processed.
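The exchange described above, as an added example that is not the prototype's code: the TPM-held attestation key is replaced by a throwaway Ed25519 pair, the agent's measurement by a SHA-256 over a constructed byte string, and the confirmation dialog by a callback. The server's verification then checks, in order, the signature, the agent measurement, the nonce, the hash of the displayed message and the user's answer. The second case in main has malware on the untrusted client rewrite the transaction summary before invoking the agent; the server catches it because the agent attested to the hash of what it actually displayed, which no longer matches what the server sent.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AgentCode stands in for the UTP Agent binary (constructed); its SHA-256 is the
// measurement the server expects to find in a valid attestation.
var AgentCode = []byte("utp-agent demo build (constructed)")

// Challenge is the server's message that opens the uni-directional trusted path.
type Challenge struct {
	Nonce   []byte // fresh per transaction; binds the attestation to this request
	Message string // transaction summary the agent must show to the user
}

// Attestation is the agent's reply; Signature covers all other fields.
type Attestation struct {
	Nonce       []byte
	Measurement [32]byte // hash of the agent code that ran in isolation
	MsgHash     [32]byte // hash of the message actually displayed
	Confirmed   bool     // what the user answered
	Signature   []byte
}

func NewChallenge(message string) (Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	return Challenge{Nonce: nonce, Message: message}, nil
}

// GenerateAgentKey models the key only the isolated environment can use (TPM-held in the prototype).
func GenerateAgentKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signedBytes is the canonical byte string the attestation signature covers.
func signedBytes(nonce []byte, meas, msgHash [32]byte, confirmed bool) []byte {
	var b bytes.Buffer
	b.Write(nonce)
	b.Write(meas[:])
	b.Write(msgHash[:])
	if confirmed {
		b.WriteByte(1)
	} else {
		b.WriteByte(0)
	}
	return b.Bytes()
}

// RunAgent is the part that executes in CPU-provided isolation: it shows the
// message, asks the user, and attests to what was shown and what was answered.
// userConfirms stands in for the confirmation dialog on the agent's display.
func RunAgent(priv ed25519.PrivateKey, agentCode []byte, ch Challenge, userConfirms func(string) bool) Attestation {
	meas := sha256.Sum256(agentCode)
	msgHash := sha256.Sum256([]byte(ch.Message))
	ok := userConfirms(ch.Message)
	sig := ed25519.Sign(priv, signedBytes(ch.Nonce, meas, msgHash, ok))
	return Attestation{Nonce: ch.Nonce, Measurement: meas, MsgHash: msgHash, Confirmed: ok, Signature: sig}
}

// VerifyAttestation is the server side. Each check closes one attack:
// signature   -> produced under the isolated agent's key, not by untrusted code;
// measurement -> the expected agent ran, not a patched one;
// nonce       -> not a replay of an earlier confirmation;
// message     -> the user saw the summary the server sent, not one rewritten by malware;
// confirmed   -> the user actually approved it.
func VerifyAttestation(pub ed25519.PublicKey, ch Challenge, att Attestation) error {
	if !ed25519.Verify(pub, signedBytes(att.Nonce, att.Measurement, att.MsgHash, att.Confirmed), att.Signature) {
		return errors.New("attestation signature invalid")
	}
	if att.Measurement != sha256.Sum256(AgentCode) {
		return errors.New("attestation from unexpected agent code")
	}
	if !bytes.Equal(att.Nonce, ch.Nonce) {
		return errors.New("nonce mismatch: stale or replayed attestation")
	}
	if att.MsgHash != sha256.Sum256([]byte(ch.Message)) {
		return errors.New("user confirmed a different message than the server sent")
	}
	if !att.Confirmed {
		return errors.New("user declined the transaction")
	}
	return nil
}

func main() {
	pub, priv, _ := GenerateAgentKey()
	ch, _ := NewChallenge("Transfer EUR 50.00 to Alice")
	yes := func(string) bool { return true }
	fmt.Println("genuine:", VerifyAttestation(pub, ch, RunAgent(priv, AgentCode, ch, yes)))
	tampered := ch
	tampered.Message = "Transfer EUR 5000.00 to Mallory" // malware rewrote the summary before invoking the agent
	fmt.Println("tampered:", VerifyAttestation(pub, ch, RunAgent(priv, AgentCode, tampered, yes)))
}
```

Note what the server does not learn from this exchange: nothing about the rest of the client platform, only that the measured agent ran in isolation, displayed this message under this nonce, and obtained this answer. That is exactly the one-way property the text describes.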

Property-based Virtual TPM

vTPM for VirtualBox

Research Works

Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, Marcel Winandy.
41st International Conference on Dependable Systems & Networks (DSN 2011), IEEE Computer Society, 2011.
Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones
Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy
STC '11: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing, ACM, 2011.
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy.
STC'10: Proceedings of the 5th Annual Workshop on Scalable Trusted Computing, ACM, 2010.
Trusted Virtual Domains: Color Your Network
Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy.
Datenschutz und Datensicherheit (DuD) 5/2010, pp. 289-298.
Trusted Computing: Prüfender Chip (in German)
Marcel Winandy.
Kommune21, cover topic "Data Protection in E-Government", 12/2008, pp. 26-27, K21 media AG, 2008.
Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy.
1st Benelux Workshop on Information and System Security (WISSec 2006).