Modern cyber-attacks are often sophisticated and relentless in their continual efforts to seek out vulnerabilities in technology-based solutions. At the same time, new market segments like the Internet of Things (IoT) are driving innovative architectures and creating solutions with challenging power, security, resource, and other constraints. These constraints make an optimal security posture more difficult to create and maintain. For systems with a Trusted Platform Module (TPM), the TCG TPM brings many practical and flexible security benefits. However, not all systems and components have TPMs or similar silicon-based capabilities.

The DICE Architectures Work Group is exploring new security and privacy technologies applicable to systems and components with or without a TPM.  The goal is to develop new approaches to enhancing security and privacy with minimal silicon requirements. Even simple silicon capabilities combined with software techniques can establish a cryptographically strong device identity, attest software and security policy, and assist in safely deploying and verifying software updates.  These are all valuable security enhancing capabilities.
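To make the "simple silicon plus software" idea concrete, the following added example (not code from the work group or the specification) sketches the DICE derivation model: an immutable engine measures the first mutable code, binds a device-unique secret to that measurement with a one-way step, and hands only the result to the next layer. The secret name UDS, the sample images, and the choice of HMAC-SHA256 as the one-way function are assumptions made here for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from the page): a per-device Unique Device
# Secret that only the immutable first-stage code may read, plus two candidate
# first-mutable-code images, one of them modified.
UDS = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
FIRMWARE_GOOD = b"example layer-0 firmware image v1"
FIRMWARE_MODIFIED = b"example layer-0 firmware image v1 + extra code"


def measure(code: bytes) -> bytes:
    """Measurement of the next layer: a hash over its code image."""
    return hashlib.sha256(code).digest()


def derive_cdi(uds: bytes, measurement: bytes) -> bytes:
    """Compound Device Identifier: the UDS bound to the measured code.
    HMAC is one-way, so code that holds the CDI cannot recover the UDS."""
    return hmac.new(uds, measurement, hashlib.sha256).digest()


def derive_layer_key(cdi: bytes, label: bytes) -> bytes:
    """Hypothetical single-step key derivation from the CDI for the next
    layer; a real implementation would use a proper KDF and key type."""
    return hmac.new(cdi, label, hashlib.sha256).digest()


def boot(uds: bytes, firmware: bytes) -> dict:
    """Simulate the immutable engine: measure, derive the CDI, then drop the
    UDS so that only the CDI reaches the mutable layer. Any change to the
    firmware yields a different CDI and therefore a different identity."""
    m = measure(firmware)
    cdi = derive_cdi(uds, m)
    del uds  # the secret is no longer reachable from this point on
    return {
        "measurement": m.hex(),
        "cdi": cdi.hex(),
        "identity_key": derive_layer_key(cdi, b"device-identity").hex(),
    }


if __name__ == "__main__":
    good = boot(UDS, FIRMWARE_GOOD)
    changed = boot(UDS, FIRMWARE_MODIFIED)
    print("same firmware, same identity:", good == boot(UDS, FIRMWARE_GOOD))
    print("modified firmware, same identity:", good["cdi"] == changed["cdi"])
```

Because the identity is a deterministic function of both the device secret and the code measurement, a verifier that knows a device's expected identity can tell when its first mutable layer has changed, without a TPM being present.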

The DICE Architectures Work Group approach holds promise to enhance security and privacy on systems with a TPM and provide viable security and privacy foundations for systems without a TPM.  The work group is focused on requirements, use cases, security/privacy benefits, and end-to-end solutions for software architectures and APIs, based on the Device Identifier Composition Engine specification (public review version available here). Some work group member companies may separately publish open source projects to complement the output from the TCG work group and promote adoption of these technologies in the marketplace.


Dennis Mattoon
Microsoft Research
Dennis Mattoon is an Architect for Microsoft Research. As one of the founding members of the Security and Privacy Research and Engineering team in MSR, he and his team have spent the last 10+ years focused on advances in trusted computing and system security. His most recent work has been on the Device Identifier Composition Engine Specifications (DICE), Robust and Resilient IoT (RIoT), and the Cyber-Resilient Platform Initiative (https://aka.ms/CyRes). In addition to chairing the Attestation, Supply Chain Security, and DICE workgroups, Dennis has previously represented Microsoft on TCG efforts including DRTM, development of the TPM 2.0 reference implementation, and TSS. Dennis was also responsible for Microsoft partner enablement/adoption of TPM 2.0 as well as the TSS.MSR and Trusted Applications projects from Microsoft Research.
