This paper describes the concept, design and a prototype implementation of the Thin Clean Client (TCC), which allows the user to use a single PC for two or more purposes: an ordinary PC for everyday use, and a part-time secure environment for highly sensitive tasks. TCC can be used to protect users from malicious spyware that tries to steal user passwords. In addition, enterprise applications can protect sensitive data from leakage by enforcing a restrictive security policy on each client and accepting connections only from those clients that enforce such a policy. The system is built on top of Knoppix Linux, with various open source technologies such as OpenVPN and the kernel-level firewall, to enable greater control over the client behavior. Finally, the system takes full advantage of Trusted Computing technology. Knoppix Linux is modified to support Trusted Computing technology such as integrity measurement by the TPM. Remote attestation allows the enterprise server to verify the client configuration before granting access. The paper concludes with an evaluation of the prototype, with observations on the advantages and issues of using Trusted Computing in the thin client space.

By: Sachiko Yoshihama, Megumi Nakamura, Kristian Sorensen, Seiji Munetoh

Published in: RT0631 in 2007

This Research Report is not available electronically. Please request a copy from the contact listed below. IBM employees should contact ITIRC for a copy.

Questions about this service can be mailed to reports@us.ibm.com.