Workplan General Description

The diagram below depicts the structure of the technical work packages and the overall organization of the work. The project is divided into four primary work packages, WP1 to WP4, as shown in the figure below. WP1 will focus on all architectural framework aspects of the research activities in WP2 and WP3, while WP4 will provide trust and security analysis and feedback to WP1-3.


On the problem solving side, alternative innovative solutions will be addressed in WP2 and WP3, which constitute the core of the research activity. Nevertheless, innovations are expected as a result of the research activities in WP1 and WP4. Specifically, the solution space is divided into two main categories:

  • Software-only solutions to remote entrusting - WP2
  • Combined software/hardware solutions to remote entrusting - WP3

According to the RE-TRUST general approach, an application running on the 1st (untrusted) machine is enhanced with a secure software module that is responsible for monitoring the authenticity of the application itself. As long as the application is genuine, the secure software module continuously generates secure signatures that are validated by the 2nd (entrusting) machine, which thereby entrusts the application on the 1st untrusted machine.
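The following is an added illustrative model of that principle, not code from the RE-TRUST project: a monitor module signs the current hash of the application together with a fresh challenge, and the entrusting machine accepts the signature only if it matches the genuine application and the outstanding challenge. The shared HMAC key, the 16-byte challenge and the application bytes are constructed assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the protected application's code on the untrusted machine.
APP_CODE = b"def process(order):\n    return order.total * 1.2\n"


class SecureModule:
    """Monitor on the 1st (untrusted) machine; its key and code are assumed intact."""

    def __init__(self, key, code):
        self.key, self.code = key, code

    def attest(self, challenge):
        # Signature binds a fresh challenge to the hash of the application as it is now.
        digest = hashlib.sha256(self.code).digest()
        return hmac.new(self.key, challenge + digest, hashlib.sha256).digest()


class EntrustingMachine:
    """Verifier on the 2nd (trusted) machine; knows the genuine application's hash."""

    def __init__(self, key, genuine_code):
        self.key = key
        self.genuine_digest = hashlib.sha256(genuine_code).digest()
        self.pending = None  # the single outstanding challenge

    def challenge(self):
        self.pending = os.urandom(16)
        return self.pending

    def verify(self, tag):
        if self.pending is None:
            return False
        expected = hmac.new(self.key, self.pending + self.genuine_digest, hashlib.sha256).digest()
        self.pending = None  # a challenge is accepted once, so captured tags cannot be replayed
        return hmac.compare_digest(expected, tag)


def run_session(rounds=3, tampered=False):
    # Continuous entrusting: one verdict per challenge/response round.
    key = os.urandom(32)
    verifier = EntrustingMachine(key, APP_CODE)
    code = APP_CODE.replace(b"1.2", b"0.0") if tampered else APP_CODE  # constructed patch
    module = SecureModule(key, code)
    return [verifier.verify(module.attest(verifier.challenge())) for _ in range(rounds)]


def replay_is_rejected():
    # A signature captured for an earlier challenge does not satisfy a later one.
    key = os.urandom(32)
    verifier, module = EntrustingMachine(key, APP_CODE), SecureModule(key, APP_CODE)
    old_tag = module.attest(verifier.challenge())
    verifier.challenge()  # verifier has moved on to a fresh challenge
    return not verifier.verify(old_tag)
```

The model deliberately leaves open what WP2 and WP3 address: a module that simply holds the key on the untrusted machine can itself be tampered with, which is why the key must be interlocked with the application (WP2) or anchored in hardware (WP3).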

Work Package 1 (Architectural Framework) will provide the framework for the design of both SW-based and HW/SW-based methods. Since there are several design alternatives and key discoveries are still expected, it is too early to set the specific architecture in stone. Instead, several architectural alternatives will be investigated in depth, and feedback from WP2-4 will be evaluated. Consequently, the architectural development will be done in two phases:

  • Phase 1 - initial architectural framework at the beginning of the project - which will constitute the framework for WP2, WP3 research activities;
  • Phase 2 - reference architectural design towards the end of the project - which will reflect the scientific/technological findings of WP2, WP3 and WP4 and will be the base for the following activities: (1) proof of concepts, (2) definition of possible follow-up product solutions, and (3) possible standardization.

Work Package 2 (SW-method) investigates software-only methodologies for realizing the above-mentioned principle (see details in Section B.1). In particular, WP2 addresses two objectives: (1) the secure software module should be combined (interlocked) in a secure way with the original application, and (2) the combined module must be robust against tampering (i.e., tamper resistance - TR). The first challenge will be dealt with by means of SW dependability techniques (e.g., for software fault detection). Tampering attacks are similar to random faults, with the major difference that they are intentional (not accidental). Consequently, software dependability techniques are applicable to the trust domain as defined in RE-TRUST. Finally, note that software dependability techniques are traditionally applied to compiled code (e.g., C and C++). An additional challenge in this task will be to extend the above-mentioned techniques to interpreted code (e.g., C# and Java).

The second objective above will be addressed with two complementary techniques: (2a) tamper resistance through software-based techniques, such as source and binary obfuscation, and (2b) tamper avoidance, by dynamically replacing (parts of) the secure software module, hence limiting the module lifetime (and thus also the time available for tampering).

Work Package 3 (HW/SW method) investigates tamper resistance methodologies combining hardware and software. With this approach, relatively inexpensive and widely available hardware modules, such as smart cards or Trusted Platform Modules (TPMs), can be used to strengthen and improve the software-only protection method (as studied in WP2). A wide spectrum of possible solutions will be investigated, ranging from low to high trust protection: from the hardware performing only some central operations (e.g., public key cryptography) to the hardware directly controlling the execution of major parts of the application, where the (untrusted) computer only stores encrypted code and data.

Work Package 4 (Analysis) will evaluate the soundness of the scientific results in WP1, WP2 and WP3 and assess the effectiveness and robustness of those results. In particular, WP4 will focus on trust and security analysis of the tamper resistance techniques designed in WP2 and WP3 and, consequently, will provide feedback to the overall solution architecture in WP1. The work package has the following main objectives:

  • To provide trust analysis for both SW-based and SW/HW-based methods.
  • To define metrics for reverse engineering complexity for some techniques such as code replacement and obfuscation.
  • To provide a comparative analysis between RE-TRUST and trusted computing (TC).
  • To explore trust and security vulnerabilities that are exploitable if the operating system (OS) is untrusted.
  • To analyze the need for remote entrusting by showing why the existing protocols do not address or solve the central problems addressed in the RE-TRUST project. The analysis includes specific guidelines on how existing security protocols (e.g., IPSec, SSL/TLS) can be enhanced with the remote entrusting techniques developed in WP2 and WP3.

The techniques introduced in WP2 and WP3 are fundamentally different (due to the reliance on an HW component in WP3); therefore, it is not reasonable to assume that a unified analysis framework can be applied to both WP2 and WP3.