Preventing various devices from being compromised by malicious software or “malware” is becoming increasingly difficult as new strategies continue to emerge that circumvent existing security measures. For example, malware such as “rootkits” may seek to compromise security in a device by being loaded during device initialization. As a result, these rootkits may maintain a level of privilege in the device that exceeds even that of anti-virus software. Trusted Execution (TXT) is at least one security concept that may maintain security starting from initialization. In TXT a trusted platform module (TPM) may maintain “measurements” (e.g., results generated by cryptographic hash functions performed on at least part of a program's code) for known-good programs in a secure memory within the device. As programs are loaded into the device, they may be measured to determine if a known-good version of the program has been loaded. Any changes to the program would yield a different measurement, indicating that the program may have be malware or at least a version of the original program that has been altered by malware. In one embodiment, a “chain of trust” may also be instituted wherein each program measures a subsequently loaded program to ensure that all programs in the chain are known-good programs.
While effective to deter unauthorized access, TXT may require resources such as secure co-processors, secure memory, etc. to support attestation via asymmetric encryption keys. Such resources may be readily available in more robust platforms such as desktop computers, laptop computers and even mobile devices like tablet computers and smart phones. However, devices are now being developed that may not comprise these resources but may still be susceptible to being compromised by malware. For example, small format devices such as wearable devices, sensors and/or devices that may depend on energy harvesting (e.g., generating their own energy for available sources such as mechanical energy, solar energy, etc.) may comprise computing resources that may only be powerful enough to sustain the operation for which the device was designed. Without a low-level protection scheme enabling security measures such as integrity reporting (e.g., for verifying that a program is a known good version of the program) and sealing (e.g., for protecting software secrets such as encryption keys) that may be implemented via TPM, TXT, etc., it may be impossible to detect if a resource-constrained device has been compromised by malware, and consequently, to prevent the malware on the resource-constrained device from infecting other computing devices with which the resource-constrained device may interact.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications and variations thereof will be apparent to those skilled in the art.