dcTPM: A Generic Architecture for Dynamic Context Management

With the emergence of new technologies the requirements for trusted platforms are constantly changing. Thus, the current Trusted Platform Modules (TPMs) have to cope with issues they have not been designed for. One such deficit of current TPMs is the inability to support multiple stakeholders as in mobile computing, virtualization, and cloud computing applications. In such scenarios, a TPM has to attest the state of their applications on the platform to each stakeholder and to additionally protect their individual assets. Therefore, we present a novel architecture, called Dynamic-Context TPM (dcTPM), to satisfy the needs of each participant in multiple stakeholder applications. Though there exist related approaches in literature, they address only software-based TPM instances. In contrast, the architecture proposed in this paper supports not only software-based TPMs, but also dedicated hardware TPMs or a combination of both for each stakeholder. As an additional asset, the dcTPM architecture enables a dynamic exchange of contexts (TPM instances) without any modification of the underlying architecture. This architecture has been implemented as a proof-of-concept on top of a Xilinx Virtex-5 FPGA platform, demonstrating a test case with off-the-shelf hardware and software TPMs.