TrustBase is an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system. This enables system administrators, for example, to require certificate revocation checks on all TLS connections, or require STARTTLS for email servers that support it. TrustBase is the first system that is able to secure all TLS traffic, using an approach compatible with all operating systems. To demonstrate the utility of TrustBase, we have developed six authentication services that strengthen certificate validation for all applications.

TrustBase Archtitecture


  • Mark O'Neill, Scott Heidbrink, Jordan Whitehead, Scott Ruoti, Dan Bunker, Kent Seamons, and Daniel Zappala. TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication. 2016. Paper


This project is supported by the National Science Foundation under Grant No. 1528022

And by the Department of Homeland Security Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) under contract number HHSP233201600046C.

Any opinions, findings, and conclusions or recommendations expressed in this work are those of the author(s) and do not necessarily reflect the views of the sponsors.