Computer users are increasingly concerned about the security and availability threats posed by viruses, worms, Trojan horses, identity theft, software and media content piracy, and extortion using threats of data destruction. Conventional operating systems provide numerous security features to guard against such attacks, such as checking and enforcing the rights of user or program subjects by the system trusted computing base (TCB). However, the TCBs of modern operating systems suffer from various problems, such as:

1. Critical TCB components are not isolated from modification by attacking code. For example, an attacking driver can affect the security auditing function or the decisions made by the system security reference monitor. Consequently, it is necessary to provide sufficient isolation for important TCB components such that their behavior cannot be easily controverted.

2. The state of critical TCB components cannot be adequately "measured" in order to understand if they are "good".
Computer security is often dependent on being able to predict the behavior of software components. In general, the security of a system may flow from the premise that a known program whose behavior is understood, which proceeds from a known good state, will act in a predictable manner (i.e., that its output is what it should be). Conversely, the thwarting of security—which may involve getting a computer system to behave in ways that are outside the contemplation of its designer—can generally be realized by replacing or changing a known program, or running it in a state in which its behavior is not understood. Thus, one aspect of providing security for a computing environment includes verifying that a known program is being used, and that it is proceeding from a known good state. The TPM accomplishes this by validating that data is what it should be because a measurement such as a hash of the data matches a value previously sealed in the TPM.
Most TPMs today conform to the TRUSTED COMPUTING GROUP® (TCG) standard, presently available at https://www.trustedcomputinggroup.org/home and entitled “Trusted Platform Module (TPM) Specification Version 1.2.” The TPM is a subsystem that may be incorporated into computing platforms to establish trust for the code that is executed by a platform. Standardization of mechanisms for establishing trustworthy code is beneficial because it allows the security and cryptographic community to assess the mechanisms for providing security, and because it promotes customer understanding and trust of new software features. It also encourages innovation in implementing and improving the standard, as contemplated and encouraged by the TCG®.
Modern computer systems that contain TPMs typically have large monolithic trusted computing bases (TCBs) with complicated interfaces. Unfortunately, the complexity of the interfaces may result in breaches of the TCB. To minimize such breaches, it is known that certain modules inside the TCB may be run in a higher assurance level than the operating system. Thus, one prior art approach is to build a very small microkernel that is secure, and then to run service processes for the security services (or place them in the microkernel). This has been done in previous operating systems, such as Mach, but it is difficult to retrofit this sort of behavior to an existing operating system.
Existing operating systems may also provide security by using a boot procedure to audit the identification of the user and to provide a meaningful identification to the operating system's software stack so that the operating system may be examined before booting for proper authentication. Hashing may also be used to provide an attestation service to each program in an operational chain. Unfortunately, the operational software chain may not be dynamically recreated. It is desired to recreate the chain dynamically on each request using secure attestation software such as software that has been authenticated and used by the service partition.
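The measurement-and-sealing check described above (a hash of each component in the chain compared against a value sealed in the TPM), modelled as an added Python example that is not part of the original text: it follows the TPM 1.2 PCR extend rule and a simplified seal/unseal; the component images, their order and the secret are constructed placeholders, and a real TPM performs the comparison and decryption inside the chip rather than in software.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 Platform Configuration Register holds one SHA-1 digest


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend rule: PCR_new = SHA-1(PCR_old || measurement).
    Extending is one-way and order-sensitive, so the final PCR value commits
    to the whole sequence of measurements, not only to the last one."""
    assert len(pcr) == PCR_SIZE and len(measurement) == PCR_SIZE
    return hashlib.sha1(pcr + measurement).digest()


def measure_chain(components) -> bytes:
    """Measure each component in boot order into a PCR that starts at zeros,
    the way each stage of the chain measures the next before handing over."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, hashlib.sha1(blob).digest())
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR value. Simplified model: a real TPM encrypts the
    secret under a chip-resident key and checks the PCR inside the chip."""
    return {"pcr": expected_pcr, "secret": secret}


def unseal(sealed: dict, current_pcr: bytes):
    """Release the secret only if the current PCR equals the sealed one."""
    if hmac.compare_digest(sealed["pcr"], current_pcr):
        return sealed["secret"]
    return None


# Constructed sample chains: hypothetical component images, not real code.
KNOWN_GOOD = [b"bootloader v1", b"kernel v1", b"service partition v1"]
TAMPERED = [b"bootloader v1", b"kernel v1 + rogue driver", b"service partition v1"]


def demo():
    """Seal against the known-good chain, then attempt unseal with both chains."""
    sealed = seal(b"disk-encryption-key", measure_chain(KNOWN_GOOD))
    return {
        "good": unseal(sealed, measure_chain(KNOWN_GOOD)),
        "tampered": unseal(sealed, measure_chain(TAMPERED)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the PCR commits to the order of measurements, reordering the same components also yields a different value, which is what lets the chain be re-derived and checked on each request.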
Another approach to minimizing operating system breaches is to provide an isolation technology such as a virtual machine (VM) that isolates an operating system in a secure partition within the VM environment. However, operating systems within a VM environment are only as secure as their interfaces and security features allow them to be.
A solution is desired that allows service processes to be placed at a higher assurance level by checking the integrity of a TCB service module and the environment that it operates in and by providing sufficient isolation for the service process to execute unmolested, while simultaneously limiting access to the service modules to trusted system components. A solution is also desired that may be retrofitted to existing operating systems. The invention provides such solutions.