Bare machine computing and the trusted client problem
Department
Towson University. Department of Computer and Information Sciences
Rights
There are no restrictions on access to this document. An internet release form signed by the author to display this document online is on file with Towson University Special Collections and Archives. Copyright protected, all rights reserved.
Abstract
Bare Machine Computing (BMC) is a platform that isolates running applications from other system components that may adversely interact with the application to create security issues. This isolation can help to address the “Trusted Client Problem” where a developer wishes to prevent use of their software by unauthorized parties and unauthorized use of software by legitimate clients. In a BMC-only environment, the delivery mechanism described in this research prevents unauthorized parties from opening software intercepted during delivery to a legitimate client and further prevents a client from unauthorized copying and redistribution of the software. In general, copy-protection cannot prevent an authorized client with sufficient resources, expertise, and motivation from disabling or circumventing the delivery mechanism, but BMC provides stronger protection than operating system (OS) based alternatives, and offers full protection against compromise by outside parties, other than a legitimate client. In a non-BMC environment, this research also proposes a secondary delivery mechanism that allows secure delivery of a software or data payload between two endpoints and ensures that any party intercepting the payload is unable to distill the original contents. Both delivery mechanisms use a two-factor scheme requiring a pair of devices that could be easily expanded to support Internet transport. Likewise, both mechanisms use a layered encryption scheme (AES under RSA) to produce a transport cipher strength that far exceeds the highest FIPS standards.
