Security awareness subscription service
ISO/IEC 27070

Search this site

Security awareness content

ISO/IEC 27070 — Information technology — Security techniques —
Security requirements for establishing virtualized roots of trust [DRAFT]


Whereas trusted computing generally involves a hardware security module providing cryptographic functions in a physically secure enclosure, the architecture is not well suited to cloud computing. In the cloud, systems are virtualized, mobile and scaleable, hence they cannot readily access and rely upon fixed hardware.


Scope and purpose

The standard will specify the information security aspects needed to secure ‘virtualized roots of trust’.






The standard is at 2nd Working Draft stage.


Personal comments

‘Trusted computing’ typically refers to secure systems used for governmental and military/defense purposes, processing highly classified information.

‘Virtualized roots of trust’ appears to concern the provision of trustworthy computing environments in the cloud, where virtual machines are dynamically created to provide cloud services.  The trust, risk and security implications are, frankly, beyond my pay grade.


< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2019 IsecT Ltd.