TOCTOU, Traps, and Trusted Computing

  title={TOCTOU, Traps, and Trusted Computing},
  author={Sergey Bratus and Nihal D'Cunha and Evan Sparks and Sean W. Smith},
The security of the standard TCG architecture depends on whether the values in the PCRs match the actual platform configuration. However, this design admits potential for time-of-check time-of-use vulnerabilities: a PCR reflects the state of code and data when it was measured, not when the TPM uses a credential or signs an attestation based on that measurement. We demonstrate how an attacker with sufficient privileges can compromise the integrity of a TPM-protected system by modifying critical… CONTINUE READING
Highly Cited
This paper has 63 citations. REVIEW CITATIONS


Publications citing this paper.
Showing 1-10 of 40 extracted citations

64 Citations

Citations per Year
Semantic Scholar estimates that this publication has 64 citations based on the available data.

See our FAQ for additional information.


Publications referenced by this paper.
Showing 1-10 of 26 references

Concepts of Trusted Computing

  • G. Proudler
  • Mitchell, C. (ed.) Trusted Computing, IET, pp. 11…
  • 2005
Highly Influential
5 Excerpts

A Dynamic Trust Management Solution for Platform Security Using Integrity Measurements

  • S. Cabuk, D. Plaquin, C. I. Dalton
  • Technical report, HewlettPackard Laboratories
  • 2007
1 Excerpt

Exploring the Integration of Memory Management and Trusted Computing

  • N. D’Cunha
  • Technical Report TR2007-594, Dartmouth College…
  • 2007
1 Excerpt

Integrity of hardware-based computer security is challenged

  • T. Greene
  • NetworkWorld
  • 2007
1 Excerpt

Similar Papers

Loading similar papers…