We, as computer users, have long suffered from unwanted intrusions into our systems through tools and software that come in various shapes and sizes and are broadly termed malware. It is a well-known fact that the computers of today are a forced evolution of the design of their first ancestors. In the old times of the 50s and 60s, the growth of computers was never estimated to reach such gigantic proportions, and maybe even the humans of those times (the users of computers) were of a more submissive nature and did not like to hurt anyone in a big way. But times have changed, and so have humans and their intentions. The stakes are now much higher and temptations are at their highest levels ever. One may ask: has the security of computers progressed at the same pace? I think we cannot answer this question with a confident “yes”, as the security records of computers and software tell us.
Necessity is the mother of invention, and one such necessity (as discussed above) gave birth to a non-profit group, the Trusted Computing Group (TCG). It took on the daunting task of revisiting the core of computing (hardware and software) and injecting measures at its base that can reasonably guarantee trustworthy computing. Burmester (2006) gives a nice consolidated description of the TCG initiatives and threat models, presents an overview of the TCG model, and summarizes the architecture of trusted computing (TC).
Since the TCG model involves signing and authenticating the hardware and software, it significantly complicates the forensic analysis of a computer. Law enforcement agencies and computer forensic professionals have to be aware of the potential issues that may arise from the adoption of the TCG model. On trusted computing and forensic analysis, Burmester (2006) says: “From a digital forensics point of view, the advent of trusted computing is not all bad. In fact, the TC-enabled features most feared by the naysayers may become a boon for cyber-investigators. On the other hand, if file-encryption becomes the norm, trusted computing may turn out to be law enforcement’s worse nightmare”.
On the other hand, a “reference monitor is a tamperproof, always-invoked, and small-enough-to-be-fully-tested-and-analyzed module that controls all software access to data objects or devices (verifiable)” (Wikipedia.com, 2008). A reference monitor makes it possible to control requests at the lowest possible level, nipping the evil in the bud.
Both approaches have the common objective of saving systems from security breaches, or at least of making an effort to minimize the chances of them: one enhances control at the root level, while the other introduces new protection measures at the higher levels.
Burmester et al. (2006). The Advent of Trusted Computing: Implications for Digital Forensics. Available: http://www.cs.fsu.edu/~burmeste/tc.pdf Accessed: 2 March 2008
Wikipedia.com (2008). Reference Monitor. Available: http://en.wikipedia.org/wiki/Reference_monitor Accessed: 2 March 2008