| Full text | Click to download. |
| Citation | 2004 Workshop on Economics of Information Security, Minneapolis MN, May 2004
|
| Authors | Dirk Bergemann
Joan Feigenbaum Scott Shenker Jonathan Smith |
Trusted-platform initiatives such as Microsoft's Next-Generation Secure-Computing Base (NGSCB) and the industry-wide Trusted-Computing Group (TCG) effort are the subject of significant research and development now. The goal of these initiatives is to change a fundamental fact about networked, general-purpose computers that is often viewed as a barrier to security: Once data are sent from one machine to another, the sender loses control over them. Trusted-platform designs offer hardware-based, cryptographic support for proofs that a potential receiver's machine is running an approved software stack. By making such proofs prerequisites for the transfer of sensitive data, owners of these data can ensure that only authorized applications will be run and only authorized actions will be taken by users. The best publicized motivation for this type of "remote control" of networked computers is copyright enforcement for entertainment content, but in fact a wide variety of security-p! olicy enforcement might be enabled if trusted platforms worked as advertised and were widely adopted. In this position paper, we provide a simple model of a trusted-platform market, drawing upon recent work on the more general topic of two-sided markets. Using this model, we make some basic observations about adoptability of and alternatives to trusted platforms. Our main goal is to lay the groundwork for an economically informed research agenda on trusted platforms, and, toward this end, we suggest some specific open questions about how one could elaborate on our simple model.