HOME EVENTS NEWS TEAM PARTNERING ABOUT US TRAINING CONTACT
  TEAM ACCESS
     Silver Access
     Gold Access
     Researcher Access
  ASSOCIATIONS 
     Auditors (ILA)
     Training Partners
     Platinum Team
  RESEARCH
     Business Integrity (BIT)
     Home Security (HSM)
     Networking Protocols (OPRP)
     Security Auditing (OSSTMM)
     Security Metrics (ravs)
     Child Security Awareness
     Teen Security Awareness
     Trusted Computing (AVIT)
     Security Models (SOMA)
     Code Analysis (SCARE)
     Security Tools
     Secure Programming
  CERTIFICATION 
     Security Analyst
     Security Expert
     Security Tester
     Wireless Security Expert
     Trust Analyst
     Security Awareness Instructor
     Certified People
     Companies & Products


AVIT - Applied Verification for Integrity and Trust

AVIT (Applied Verification for Integrity and Trust) is part of the EU-supported OpenTC project to explore whether an open methodology can give guidance to designers, implementers, and independent evaluators to standardize tests for trustworthiness.

The Trusted Computing Group (TCG) and Trusted Platform Module (TPM) are the center of a paranoia level as high as any in conspiracy circles. The open, community-reviewed, methodology of Applied Verification for Integrity and Trust (AVIT) will apply tests to answer the core questions of Trusted Computing and dispel the catalytic myths assisting current paranoia.

Trusted Computing is often associated with DRM (digital rights management) but has far more important possibilities. Even its potential for DRM is in itself not all bad as it can open doors for information and entertainment access currently not available to many people who may suffer from physical or sensory limitations or illness. Outside of DRM, Trusted Computing can provide means for new system support services where systems can be maintained by a third party with tamper-proof assurances. Services like this can range from server support to data insurance. Furthermore, being able to link a system to a person with the same probability of matching DNA at a crime scene to a perpetrator will open more possibilities for honest transactions while thoroughly minimizing false accusations of computer crime and drawn out trials of expert "opinions" where the facts can speak for themselves. However, none of this is possible if the people have no means for trusting the system.

Enter the Trusted Computing Group (TCG) and the Trusted Platform Module (TPM). The growing ubiquity of the TPM on computer motherboards has managed to put, at the very least, the Free/Open Source Software (FOSS) and LINUX communities on the defensive with the TCG. The movement to involve the TPM in commercially viable interests by members of the TCG have precluded these arguments with the uncertain future of TPM application with the exaggerations of wants and fears. Most of these come from who is involved in the TCG rather than what they have done.

As part of OpenTC, an EU-supported, collaborative research and development project started in November 2005, ISECOM is approaching Trusted Computing in a pragmatic fashion. Developing trust tests works best in the FOSS approach and as ISECOM approaches every methodology, we will take paranoia from everyone and devise the most thorough means to address all fears towards trustworthiness. That will also allow for tests which provide a metric for trustworthiness. Which, in turn, will allow transparent rules of trustworthiness to be followed to conclusion and therefore decide STOP or GO. In conclusion, ISECOM will attempt to open the methods of trustworthiness.

This project's goals are to develop test methods and metrics for assuring trustworthiness for the software developer, the user, and third parties needing assurance towards trust. A means must exist for transparency and communication of openness while not sacrificing privacy.

This project is not about supporting DRM, Palladium, "trustworthiness", or Trusted Computing (TCPA specifically) rather it assuring trusted computing claims and assuring trust goes both ways from what we want on our systems to what others put on it known and unknown.

If you are interested in helping with this project please contact us.

 
 Name                     Spain Mirror sponsored by USA Mirror sponsored by
 
 AVIT_Abstract.v2.pdf.....

 

Join the ISECOM page on Facebook  Follow us on Twitter  

SUBSCRIBE TO ISECOM NEWS
 
VIEW ALL MAILING LISTS

Join the ISECOM PLATINUM, GOLD or SILVER TEAM


 

ISECOM is an open, collaborative, non-profit, scientific, security research organization registered in Catalunya, Spain.  All research here has been performed without commercial or partisan influence.  Contact us directly to be a security researcher on the ISECOM team.

Disclaimer:  While all documents on this site are available under Copyleft and the Open Methodology License, do check the licenses within each tool or document prior to copying, modifying, or distribution for any individually stated requirements.  Additionally, all research is provided here for information purposes only and ISECOM is not responsible for any misuse.


www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.isestorm.org
www.opse.org - www.opst.org - www.opsa.org - www.owse.org
  If you have any comments, questions, or to note broken links on this website contact the Webmaster.