ISO/IEC 27070 — Information technology — Security techniques —
Security requirements for establishing virtualized roots of trust (DRAFT)
Whereas trusted computing generally involves a hardware security module providing cryptographic functions in a physically secure enclosure, the architecture is not well suited to cloud computing. In the cloud, systems are virtualized, mobile and scaleable, hence they cannot readily access and rely upon fixed hardware.
Scope and purpose
The standard will specify the information security aspects needed to secure ‘virtualized roots of trust’.
The standard is at Working Draft stage.
‘Trusted computing’ typically refers to secure systems used for governmental and military/defense purposes, processing highly classified information. I don’t know (yet!) what ‘virtualized roots of trust’ are.