Current and future networks must be flexible and open to expansion while still enabling trusted communication. Mechanisms for expanding a network flexibly and equipping it with security services already exist, for example VPNs, which provide encryption and user authentication. What is still missing are security mechanisms that guarantee the identity and the trustworthiness of the computer systems themselves: a VPN authenticates a user, but says nothing about whether the endpoint that user connects from is in a sound state.
The Network Access Control (NAC) concept makes the trustworthiness of computer systems verifiable and therefore helps to establish trustworthy and secure network connections. In a NAC-enabled network the configuration of every connecting computer system is checked before it is granted network access. Only if the security policy defined by the network operator is fulfilled is a computer system considered trustworthy and allowed to access the network and the services it provides. Computer systems with a faulty or undesirable configuration are kept out, so the network is protected from the damage they could cause.
Numerous NAC solutions are available today, but all of them have limitations. The most important ones are:
Little interoperability: many existing NAC solutions are proprietary and do not interoperate with each other.
Lack of trustworthiness: a commodity operating system that has been compromised by malware can silently falsify the measurements the NAC client collects on it. Because this risk of unnoticed falsification is permanent, any data collected by a NAC component running on such a system must be treated as potentially compromised and therefore cannot be trusted.
Based on the TNC (Trusted Network Connect) specification and a security kernel, the tNAC consortium is developing a NAC solution that guarantees the integrity of remote computer systems, including the NAC components installed on them, so that the collected measurements themselves can be relied upon.
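The following is an added illustration, not code from the tNAC project or from the TNC specification, of the two points made above: a policy decision point first checks that an integrity report was produced by a trusted component on the endpoint and only then evaluates it against the operator's policy. The policy values, the endpoint states and the HMAC key are constructed for the example; the HMAC stands in for the signature a TPM or security kernel would put on the measurements, and the key is assumed to be out of reach of the (possibly compromised) operating system.

```python
import hashlib
import hmac
import json

# Operator-defined security policy (constructed values for this example).
POLICY = {
    "min_patch_level": 42,
    "required_services": {"firewall", "antivirus"},
    # Only these measured hashes of the NAC client component itself are accepted,
    # i.e. the integrity of the NAC component is part of the check.
    "approved_nac_client": {hashlib.sha256(b"tnac-client-1.0").hexdigest()},
}

# Key known only to the trusted attestation component on the endpoint.
# Assumption of this model: it stands in for a TPM / security-kernel signing key
# that malware in the commodity OS cannot read.
ATTESTATION_KEY = b"example-attestation-key-not-for-production"


def canonical(report):
    """Serialize a report deterministically so the MAC covers exactly its contents."""
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


def attest(report, key=ATTESTATION_KEY):
    """The trusted component binds the measurements it collected to its key."""
    return hmac.new(key, canonical(report), hashlib.sha256).hexdigest()


def evaluate_policy(report, policy=POLICY):
    """Return (compliant, reasons) for a report checked against the operator policy."""
    reasons = []
    if report.get("patch_level", 0) < policy["min_patch_level"]:
        reasons.append("patch level below minimum")
    missing = policy["required_services"] - set(report.get("services", []))
    if missing:
        reasons.append("missing services: " + ", ".join(sorted(missing)))
    if report.get("nac_client_hash") not in policy["approved_nac_client"]:
        reasons.append("NAC client component not in approved set")
    return (not reasons, reasons)


def access_decision(report, attestation, policy=POLICY, key=ATTESTATION_KEY):
    """Policy decision point: verify the attestation first, then apply the policy."""
    if not hmac.compare_digest(attest(report, key), attestation):
        return ("deny", ["integrity report is not attested by the trusted component"])
    compliant, reasons = evaluate_policy(report, policy)
    return ("allow", []) if compliant else ("deny", reasons)


# Constructed endpoint states.
COMPLIANT = {
    "patch_level": 45,
    "services": ["firewall", "antivirus"],
    "nac_client_hash": hashlib.sha256(b"tnac-client-1.0").hexdigest(),
}
INFECTED = {
    "patch_level": 30,
    "services": ["firewall"],
    "nac_client_hash": hashlib.sha256(b"tnac-client-1.0-trojaned").hexdigest(),
}


def scenario_honest_compliant():
    """A clean endpoint reports truthfully and is admitted."""
    return access_decision(COMPLIANT, attest(COMPLIANT))


def scenario_honest_infected():
    """An infected endpoint reports truthfully and is refused, with reasons."""
    return access_decision(INFECTED, attest(INFECTED))


def scenario_forged_by_malware():
    """Malware on the infected host rewrites the report to look compliant.
    The attestation was made over the true measurements, and the malware cannot
    recompute it without the trusted component's key, so the forgery is caught."""
    forged = dict(COMPLIANT)
    return access_decision(forged, attest(INFECTED))


if __name__ == "__main__":
    for name, fn in [("honest compliant", scenario_honest_compliant),
                     ("honest infected", scenario_honest_infected),
                     ("forged by malware", scenario_forged_by_malware)]:
        print(name, "->", fn())
```

The attestation check is only worth anything if the key really is unreachable from the compromised operating system; a collector that runs as an ordinary process on that system could be made to sign whatever the malware wants, which is exactly the trustworthiness gap described above and the reason for anchoring the measurement in a security kernel or a TPM.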