[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Broken dream of mine :(

From: Michal Suchanek
Subject: Re: Broken dream of mine :(
Date: Tue, 22 Sep 2009 19:21:54 +0200

2009/9/22 Sam Mason <address@hidden>:
> On Tue, Sep 22, 2009 at 05:19:36PM +0200, Michal Suchanek wrote:
>> 2009/9/22 Sam Mason <address@hidden>:
>> > If somebody breaks in and installs some malicious code then I want it to
>> > break in the most obvious way possible.  The admin then reinstalls the
>> > system and only when everything has been brought back to normal will the
>> > system will be allowed back into the network.
>> How do you actually check for malicious code?
> The obvious way is just to say that if any part of the TCB is unknown
> then it's treated as malicious.
>> The drm scheme only needs to protect a particular key store and
>> integrity of a single application - the media player. This may be
>> feasible even on Linux.
> I'm not sure if I care about DRM or key stores at all.  All I think I
> want TPM for is to verify that my TCB is one that's considered good.
>> On the other hand, making sure that none of your documents are
>> randomly sent over the network or overwritten  is hard, you can do
>> that with a shell script or similar on most systems.
>> If they were drm protected media files there is no harm to the
>> provider of the drm content, they can be still accesses only with the
>> right keys and the right system and player.
> I'm not interested in any of that.  The case I'm thinking of is a
> network of computers using potentially sensitive data/code and I want to
> make sure they're only running the "correct" code and neither code or
> data are going fall under the control of an attacker.

The problem is that with current (POSIX-like) systems you can install
a trojan inside an user account and that program still has access to
all data the user has. If there is any data you can reach from the
system the data must be reachable from an account of a user and thus
by unprivileged malware.

So the TCB is the whole system for a POSIX-like system.

With other systems that actually have a meaningful TCB there might be
some use for checking TCB integrity. If it's practical to use a TPM
module for that depends on the particular situation.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]