Technologies are needed to allow software to be executed on any computer that has not previously been prepared or reviewed (e.g., an employee's private PC) while ensuring that its execution is secure, e.g., as secure as on a corporate/company PC. Such a technology would enable a trusted bring your own (BYO) computing work environment. BYO generally relates to “bring your own device” (BYOD), “bring your own technology” (BYOT), or, closely related, “bring your own behavior” (BYOB). BYOD or BYOT concerns corporate/business policy on how employees can bring and use personal mobile devices at work and access employers' email, databases and files, while otherwise using such devices at home, whereby personal applications/data are accessed through the same devices. Beyond hardware, BYOB extends this to software used on the device.
Besides, it is well known that any software executed on a computer (e.g., a PC) may be attacked by viruses and malicious software (malware) that may be present on the computer's operating system. One solution for this problem is to restart the PC from an external boot media, e.g., stored on a user-trusted device, typically a secure device, and start a new and—from a security perspective—clean operating system (OS) from the external media. An example of such a user-trusted device is the so-called Zone Trusted Information Channel (or ZTIC for short).
In a bring-your-own (BYO) scenario, one may want to start an operating system, or OS, on a computer that has already been prepared with another (e.g., native) OS and whose hard drive is fully encrypted. One solution is to rely entirely on an external memory stick on which the BYO OS's data are stored, and to start the computer from this external device without using the local hard drive. A downside of this solution is that it requires a fast memory stick for the booted OS to run at a usable speed. Another issue is that if the swap space is located on the external drive, the memory stick may fail quickly (as most memory sticks allow only a limited number of block write operations).