The advent of eCommerce and eGovernment and the rapid expansion of world-wide connectivity demand IT systems that can guarantee a variety of security properties (authenticity, integrity, privacy, anonymity, availability) to protect security-critical information and data. Further, one wishes to use a single system for multiple purposes that require a high level of security yet belong to different domains: financial, medical, professional, social, and personal.
Cryptographic and security research communities have provided a variety of tools to achieve these security goals. However, all these solutions are based on the assumption that the underlying computing platform is secure. This is not the case: existing computing platforms, in particular common operating systems, lack mechanisms to support and enforce adequate security policies that can be easily maintained by non-experts. Besides architectural security problems and the inherent vulnerabilities resulting from high complexity, common computing platforms require careful and attentive system administration, and are still unable to effectively protect individuals from executing malicious code. This is evident from the huge number of exploits and security updates as well as the high number of attacks through viruses, worms and Trojan horses. These problems concern Windows-based operating systems as well as Linux-based ones.
Today's distributed applications involve different parties (companies, end-users, content providers) with possibly conflicting interests and (security) requirements. Hence, it is desirable to guarantee the requirements of all of them in a reasonable and pragmatic way. Most of the currently used IT systems lack elementary security properties, such as integrity checks (secure booting) or the generation of secure cryptographic keys (through appropriate random number generators). Thus, the existing threats thwart the realization of useful applications and business models.
This situation brings about the need for developing a new generation of secure computing platforms that can provide multilateral security. The EMSCB Project aims to develop an open source and multilaterally secure computing platform that is capable of enforcing security policies of different parties in a distributed environment.