The Second ACM Workshop on Scalable Trusted Computing (STC'07)

Invited Talk I: Trusted Computing Challenges

By Leendert van Doorn (AMD)

ABSTRAC. Trusted computing, which most people take to be synonymous with TCG related technologies, has been commercially available since 1999 (back then it was called TCPA). Still, even after 8 years, its adoption has been slow and the TCG features are underutilized. The question is why? Initially the TCG technology had to overcome a lot of misconceptions and privacy concerns, but leaving these aside, the TCG-technology has also many technical challenges that have yet to be resolved. For example, attestation is a very powerful concept but is fraught with problems.

A key problem with attestation is scalability. A straightforward attestation implementation such as IMA for Linux does not scale. IMA captures all the measurements for all the applications on a running system and then burdens the recipient with verifying the attestation statements. With many different versions of operating systems, kernel modules, libraries and applications this mechanism quickly becomes unpractical. Even property-based attestation, which makes the consumption of attestation statements a lot more palatable for the receiver, still has the scaling problem of mapping all these changing components to a single property.

This is just one of the many open problems trusted computing still faces. In this keynote I will discuss what I consider to be the main open challenges and I will present my vision of how commerciallyviable trusted systems need to evolve.

Bio. Dr. Leendert van Doorn is a Senior Fellow at AMD where he is leading the Software Technology Office, an organization that was recently created to drive focused software initiatives around: accelerated computing (manycore), managed code, virtualization, and security. Leendert is actively involved in AMD’s future processor designs and product planning councils. Before joining AMD, he was a Senior Manager at IBM T.J. Watson Research Center where he initiated and led IBM’s secure hypervisor (sHype) initiative and where he was responsible for the research contributions to IBM’s 4764 physically secure coprocessor that ships in most mainframes. Leendert holds a Ph.D. from the Vrije Universiteit in Amsterdam, he has authored over 40 papers and he is known to find refuge at CMU to work with his graduate students.

Invited Talk II: The Insider Threat in Scalable Distributed Systems: Algorithms, Metrics and Gaps

By Yair Amir (JHU)

ABSTRACT. However well we protect our systems, there is always a chance they will be compromised. Constructing practical survivable distributed systems that achieve their goals even after being penetrated is a challenge. The problem manifests itself in algorithms maintaining consistency among servers, in routing protocols, and in the interface between clients (or sensors) and the system.

We discuss our recent work on intrusion-tolerant algorithms that scale to wide-area networks. We demonstrate limitations in traditional correctness criteria and in common metrics that, while relevant to small systems, are less meaningful in large and complex environments. We propose new metrics that may better capture the challenge posed by such environments. We also point to gaps where no adequate solutions currently exist.

BIO. Yair Amir is a professor of computer science at Johns Hopkins University, heading the Distributed Systems and Networks lab ( His research goal is to understand the challenges, invent algorithms, and construct software tools that enable high performance, robust, secure and survivable distributed systems.

Yair was the initiator of the Spread group communication toolkit, which is used in thousands of installations around the world in commercial, academic and government settings. He also led the development of Secure Spread, including the first robust key agreement protocols, as well as the SMesh wireless mesh network (, the first seamless 802.11 mesh with fast lossless handoff, the Spines overlay platform ( and the Wackamole and Backhand N-way failover and load balancing projects (

Yair has been a member of the program committees of the IEEE International Conference on Distributed Computing Systems (1999, 2002, 2005-07), the ACM Conference on Principles of Distributed Computing (2001), and the International Conference on Dependable Systems and Networks (2001, 2003, 2005). His current research on the analysis, design and construction of systems and networks that can survive insider attacks is funded by the CyberTrust program of NSF.