TCG and IETF further cement interoperability in attestation with long-term partnership
Beaverton, OR, USA, December 2, 2019
Through their ongoing work on the definition and architecture of how attestation works, TCG and the IETF are enabling higher levels of security within the operating systems of mobile devices and tablets. Working together, the two global standards organizations are defining a structure for the assurances that are input into application codes and setting specific rules so that they can be interpreted and ran interchangeably and interoperably
This is to address challenges within the current infrastructure which was built with a premium on openness and interoperability. While this has paid huge dividends in terms of creativity and innovation, the same openness is problematic for security with evidence showing that the access control model of some operating systems is inadequate against many types of attacks w security works.
In a tightly managed operating system, the applications that are available to download entail specific attestation that has been approved by the device manufacturer. The device then checks the digital signature and makes sure everything is correct before it installs the code
When an operating system has ties to the application and is not tightly managed, catastrophic consequences can occur as the applications have the ability to get down to the main operating system level where it is open to exploitation and numerous security problems.
In order to ensure the highest levels of security, whether the device contains a tightly managed operating system or not, device manufacturers need to consider the attestation in their connected devices. With the introduction of one set of standards, the industry is able to guarantee higher levels of assurance and ownership and ensure that there is more accountability when a problem occurs ication is responsible to sign the code, the manufacturer is providing an assurance that they believe that the code is secure, if a vulnerability is then found, they are ultimately responsible for removing the issue and updating or patching the application.
Vendors worldwide, both members of TCG and participants in the IETF, have been collaborating on the development of attestation standards and technologies to ensure the capability with a variety of use cases.
Moriarty recently highlighted the developments of the partnership between TCG and the IETF at the TCG October Annual Members Meeting in Toronto, Ontario, Canada. In her keynote presentation entitled
Ansprechpartner: Fran Cator
Telefon: +44 (0)1522 883640
Die PresseMitteilung stellt eine Meinungsäußerung des Erfassers dar. Der Erfasser hat versichert, dass die eingestellte PresseMitteilung der Wahrheit entspricht, dass sie frei von Rechten Dritter ist und zur Veröffentlichung bereitsteht. businesspress24.com macht sich die Inhalte der PresseMitteilungen nicht zu eigen. Die Haftung für eventuelle Folgen (z.B. Abmahnungen, Schadenersatzforderungen etc.) übernimmt der Eintrager und nicht businesspress24.com