[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Part 2: System Structure
|
From: |
Jonathan S. Shapiro |
|
Subject: |
Re: Part 2: System Structure |
|
Date: |
Fri, 19 May 2006 14:23:37 -0400 |
I would say this in a different way, because your description leads to
black and white conclusions about a cost-driven issue.
Any guarantee made by the OS depends on assumptions about the hardware.
These assumptions are neither perfectly nor imperfectly fulfilled. The
right way to think about them is that a given piece of hardware imposes
some dollar cost to violate them.
For a non-TPM machine, the cost lies in the know-how to install a
debugger into a VM-based system. This is not high in dollars, but it is
complicated enough that it is too expensive for most users. For some
content providers, this cost is "good enough".
The TPM raises the cost by requiring installation of an ICE (~$40,000
for a really good one) or a monitoring board (~$10,000). This again
requires rare knowledge to use. IMHO, the know-how costs are far higher
than the hardware costs, so it is not clear in practice whether TPM is
actually changing the economic issues significantly. I have long
suspected that the *real* role of TPM in all this is raising the
confidence of the content vendors rather than providing seriously
hardened security.
shap
On Fri, 2006-05-19 at 20:00 +0200, Jörg Bornschein wrote:
> Jonathan S. Shapiro wrote:
>
> > The question was: what can the operating system enforce?
>
> OK - I think this question deserves two answers -- one for a TPM backed
> system, and one for systems without TPM. (Maybe this gets boring, but
> i'd like to sort this one out, finally).
>
> Iff there is no TPM:
>
> In the eyes of a software "vendor": Even a system claiming to support
> opaque memory cannot be trusted: in effect the hardware owner got full
> control (not necessary the system administrator). Every mechanism which
> tries to enforce opaqueness and which is embedded into the OS can be
> defeated easily.
>
> The special case of hardware-owner and software-vendor being the same
> person is not very interesting.
>
> The same situation in the eyes of a hardware-owner: It's not very
> important whether my OS supports opaque storage or not. If i'm
> interested in its content nothing will stop me.
>
>
> Everybody agrees?
>
>
> j.
>
- Re: Part 2: System Structure, (continued)
- Re: Part 2: System Structure, Pierre THIERRY, 2006/05/19
- Re: Part 2: System Structure, Michal Suchanek, 2006/05/19
- Re: Part 2: System Structure, Pierre THIERRY, 2006/05/19
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/19
- Re: Part 2: System Structure, Michal Suchanek, 2006/05/19
- Re: Part 2: System Structure, Pierre THIERRY, 2006/05/19
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/19
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/19
- Re: Part 2: System Structure, Jörg Bornschein, 2006/05/19
- Message not available
- Re: Part 2: System Structure, Jörg Bornschein, 2006/05/19
- Re: Part 2: System Structure,
Jonathan S. Shapiro <=
- Re: Part 2: System Structure, Jörg Bornschein, 2006/05/19
- Re: Part 2: System Structure, Jörg Bornschein, 2006/05/19
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/19
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/19
- Re: Part 2: System Structure, Pierre THIERRY, 2006/05/18
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/18
- Re: Part 2: System Structure, Marcus Brinkmann, 2006/05/19
- Re: Part 2: System Structure, Pierre THIERRY, 2006/05/19
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/19
- Re: Part 2: System Structure, Marcus Brinkmann, 2006/05/22