[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Demexp-dev] About securing a server

From: David MENTRE
Subject: [Demexp-dev] About securing a server
Date: Sat, 21 Aug 2004 11:46:52 +0200
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)


Some pointers found on random reads.

* Some people are trying to secure internet servers and allow public
  verification of them:

This is useful functionality, but the unique feature of the RPOW system
is its approach to security. RPOW is the first public implementation of
a server designed to allow users throughout the world to verify its
correctness and integrity in real time.

Based on principles similar to those proposed for so-called "Trusted
Computing", RPOW allows third parties to dynamically and remotely verify
what program is running on the RPOW server. The RPOW server is
implemented on a high-quality secure processor, the IBM 4758 PCI
Cryptographic Coprocessor, which has been validated to the highest level
of security publicly available, FIPS-140 level 4. The 4758 is a
self-contained single-board computer which has its own device key,
generated on-board, which never leaves the card. That key can issue
cryptographically signed attestations which describe the software
configuration running on the card, including the SHA-1 hash of the
application program.

The source code to the RPOW server is available from the download
page. Using publicly available tools, anyone can build from this source
code a memory image identical to that running on the RPOW server. If the
SHA-1 hash of this file matches that being reported by the 4758 device
key, the user can conclude that the supplied source code is what is
actually running on the 4758. By inspecting the source code he can then
make sure there are no "back doors" or loopholes that would allow the
owner/operator or designer of the system to defeat its security, for
example by creating RPOW tokens without doing the required work.

* IBM has issued a tutorial on OpenSSL:

Secure programming with the OpenSSL API

 David Mentré <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]