Given the prevalence of malware in today's Internet environment, many users are hesitant to perform transactions involving private information, such as financial transactions, online. It is difficult for a user to assess whether a particular computing environment provides adequate protection of the user's secrets. Establishing the user's initial local trust in an execution environment is a long-standing challenge in trusted computing.
Two approaches to assuring users that a computing environment will protect their secrets have been used. Both involve creating a trusted execution environment (TEE), a software execution environment in which executing code can be measured, verified, or otherwise determined to be authentic. In the first, the computing platform is assumed to be initially free of malware. A TEE is established on that platform, a trusted image is created and sealed to the TEE, and the trusted image is then deleted from all software outside the TEE. Thereafter the TEE displays the trusted image to assure the user that the TEE is in use. However, malware that has gained execution could discover and display the trusted image itself, undermining the trust users place in the TEE.
In another approach, a TEE performs a remote attestation with a remote service. The user contacts the remote service through out-of-band communication to obtain assurance that a TEE is being used. However, malware could insert itself onto the user's platform and communicate with the service provider in place of the user. It is difficult for the user to ascertain whether the service provider is communicating directly with the platform of the user. Instead, it is possible that malware has inserted itself into the communication such that the service provider is communicating with a TEE on another platform, and malware on the user's platform is communicating with the TEE on the other platform.
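To make the two mechanisms above concrete, here is an added simulation (not code from the patent or any TEE vendor) of sealing a trusted image to a measurement and of a nonce-based attestation quote. HMAC-SHA256 stands in for the platform's sealing and attestation keys, the platform secret, code bytes and image are constructed sample values, and the XOR keystream is a toy cipher chosen only to keep the example self-contained. The test at the end illustrates what each mechanism does and does not establish: a mismatched measurement cannot unseal the image, and a quote cannot be replayed against a fresh nonce, but a valid quote by itself says nothing about which platform produced it, which is the gap the second paragraph describes.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes of HMAC-SHA256 tag prepended to a sealed blob


def measure(code: bytes) -> bytes:
    """Measurement of the code loaded into the (simulated) TEE: a SHA-256 digest."""
    return hashlib.sha256(code).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream (assumption: stand-in for a real AEAD cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _seal_key(platform_secret: bytes, measurement: bytes) -> bytes:
    """Key bound to both the platform-held secret and the current measurement."""
    return hmac.new(platform_secret, b"seal|" + measurement, hashlib.sha256).digest()


def seal(platform_secret: bytes, measurement: bytes, image: bytes) -> bytes:
    """Seal `image` so only a TEE reporting this exact measurement can recover it."""
    key = _seal_key(platform_secret, measurement)
    ct = bytes(a ^ b for a, b in zip(image, _keystream(key, len(image))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return tag + ct


def unseal(platform_secret: bytes, measurement: bytes, blob: bytes):
    """Return the image if `measurement` matches the sealing measurement, else None."""
    key = _seal_key(platform_secret, measurement)
    tag, ct = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # wrong measurement (or tampered blob): key mismatch, tag fails
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def attest(attestation_key: bytes, measurement: bytes, nonce: bytes) -> bytes:
    """TEE side of remote attestation: a quote over measurement and verifier nonce."""
    return hmac.new(attestation_key, b"quote|" + measurement + nonce, hashlib.sha256).digest()


def verify_quote(attestation_key: bytes, expected_measurement: bytes,
                 nonce: bytes, quote: bytes) -> bool:
    """Remote service side: quote must bind the expected measurement to OUR nonce.
    Note: success proves some TEE with this measurement answered the nonce, not
    that it runs on the platform the user is sitting at."""
    expected = attest(attestation_key, expected_measurement, nonce)
    return hmac.compare_digest(expected, quote)


def demo():
    """Run both mechanisms on constructed sample values."""
    platform_secret = b"constructed-platform-secret"   # stand-in for a TPM-held secret
    attestation_key = b"constructed-attestation-key"   # stand-in for an attestation key
    trusted_code = b"tee-application-v1"
    other_code = b"untrusted-code-outside-the-tee"
    image = b"constructed trusted image"

    blob = seal(platform_secret, measure(trusted_code), image)
    recovered = unseal(platform_secret, measure(trusted_code), blob)
    denied = unseal(platform_secret, measure(other_code), blob)

    nonce = secrets.token_bytes(16)
    quote = attest(attestation_key, measure(trusted_code), nonce)
    fresh_ok = verify_quote(attestation_key, measure(trusted_code), nonce, quote)
    replayed = verify_quote(attestation_key, measure(trusted_code),
                            secrets.token_bytes(16), quote)
    return recovered, denied, fresh_ok, replayed


if __name__ == "__main__":
    print(demo())
```

Run as a script to see the four results: the image recovered under the matching measurement, `None` under a different one, a fresh quote accepted, and the same quote rejected against a new nonce.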