Today computing and networking are inseparable, all computers are connected to one another and communicating with one another using predefined and mutually agreed upon protocols. Today, the software executed on such computing machines can be modified by their users, thereby changing the basic properties of the combined/converged computing and networking system. Such changes can threaten the economy and society's reliance on networking and computing technologies. Thus, it is necessary to detect such modifications in order to protect the integrity and correct operation of the combined/converged computing and networking system. The solutions that will be developed in this project have the potential to impact how computing/networking would actually be converged. .

In the future, the paradigm shift from stand-alone application to always- on application will be pursued to its extreme. In this forthcoming prospect, growth is hampered by the lack of sound infrastructure to manage trust issues in the new converged computing/networking environment. Since the original Internet is intrinsically not secure and not trusted, it is necessary to provide solutions able to guarantee that (i) the software downloaded from the web is an identical copy of the software released by its provider (software authentication, to protect the client), and (ii) the software is used without being modified by the user (software integrity, to protect the provider). The RE-TRUST project addresses these issues directly, and if successful, will leverage the above-mentioned paradigm shift and promote new business models.

Concerning specific "return of investment" on the scientific and commercial side, it is possible to foresee both near-term and far- reaching possible impacts.

Technological/industrial impact

If the project is successful it should have a high market impact. At the present time, only Trusted Computing initiatives partially address some of the problems that are raised in this project and none of these initiatives is lead by European players. In contrast, the outcome of RE- TRUST will be an open platform for converged trust, not based on special- purpose hardware, and thus available as a general, platform-independent solution (i.e., it is non-monopolistic, hence more competitive).

Providing solutions to the remote entrusting problem is challenging, thus, the risk is high. However, the scope of application classes that may benefit from remote entrusting is, as mentioned, very broad and potentially very beneficial. It is possible to classify the potential applications by characterizing them in terms of two groups of generic broad applications:

1. Sending data packets: Client/Server - focus on (selected issues):
   • Interactive services (to avoid unauthorized access), e- commerce/e-government, etc.
   • Network protocols (to avoid unfair usage), avoidance of denial of service attack, fair and equitable use of TCP/IP that is the main protocol used in the Internet.
2. Receiving data packets: Private data - focus on (selected issues):
   • Grid computing - one of the challenges related to remote entrusting is how to ensure that a remote machine strictly adheres to predefined policies for handling private/confidential data.
   • Grid computing integrity - ensuring that the original program is used on the remote machine.
   • Distribution of copyright protected audio/video content: remote entrusting has the potential to facilitate trusted processing and usage of content on client's machines as part of DRM (digital rights management) systems, thus, enabling new content delivery businesses.

Scientific far-reaching impact

The potential impact of remote entrusting will not be limited to specific applications and protocols, but also in regards to the programming and realization methodologies. So far, software protection is more of an art than a science, and in many cases the programmers protecting their code need to perform as much work as the attackers breaking it. Furthermore, there is some risk that a new attack will be developed that will completely void some protection mechanisms. The final vision of software protection is to provide a model and a flexible toolkit in which a programmer can define the security goals and restrictions, and then use the tools to automatically protect his code.

RE-TRUST will provide the first step in this direction by developing sound models for software security, and will provide a set of general tools that can be used to protect existing codes. It is not possible to define at this stage how successful some of these tools will be, and if the models are broad enough to make strong statements on the security of a system one would like to create. It is probable that follow-ups projects will be needed to extend the models, further develop the tools provided, and help deploy the technology in an industrial setting.

Societal impact

As noted, the potential solutions of RE-TRUST will impact science and technology, as well as, commercial product solutions. Consequently, RE- TRUST has the potential to impact how our society will use the combined/converged computing and networking - the global Internet. Solving the remote entrusting problem is strategic, given the role of software on all aspects of life in the 21st century (since computers and networks "have invaded" all aspects of our daily life), and specifically regarding the European economy and social life. In particular, solutions to remote entrusting problems are the enablers for many applications, such as, e-commerce (e.g., credit authorization), e-government (e.g., e- voting), e-office or secure and trusted paper-less office, etc.

i2010 Initiative - A European Information Society for Growth and Employment

RE-TRUST has the potential to play an important role in the second pillar of the i2010 initiative of the European Commission. This pillar brings the EU's R&D to digital convergence and sets priorities for cooperation with the private sector to promote innovation and technological leadership.