l4-hurd

Re: Broken dream of mine :(


From: Sam Mason
Subject: Re: Broken dream of mine :(
Date: Tue, 22 Sep 2009 17:39:29 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

On Tue, Sep 22, 2009 at 05:19:36PM +0200, Michal Suchanek wrote:
> 2009/9/22 Sam Mason <address@hidden>:
> > If somebody breaks in and installs some malicious code then I want it to
> > break in the most obvious way possible.  The admin then reinstalls the
> > system and only when everything has been brought back to normal will the
> > system be allowed back into the network.
> 
> How do you actually check for malicious code?

The obvious way is just to say that if any part of the TCB is unknown
then it's treated as malicious.

> The drm scheme only needs to protect a particular key store and
> integrity of a single application - the media player. This may be
> feasible even on Linux.

I'm not sure if I care about DRM or key stores at all.  All I think I
want TPM for is to verify that my TCB is one that's considered good.

> On the other hand, making sure that none of your documents are
> randomly sent over the network or overwritten is hard, you can do
> that with a shell script or similar on most systems.
> 
> If they were drm protected media files there is no harm to the
> provider of the drm content, they can be still accessed only with the
> right keys and the right system and player.

I'm not interested in any of that.  The case I'm thinking of is a
network of computers using potentially sensitive data/code and I want to
make sure they're only running the "correct" code and neither code nor
data are going to fall under the control of an attacker.

> Different goals often require different tools.

Indeed they do, and I think that TPM should be able to increase my
confidence in this.  I'm not sure how much this will actually help
though.

> Even considering these possible variables there is still much less to
> check than with a TPM chip. You can also obtain information on the
> construction of the flash chip so you should be aware of possible
> pitfalls in advance.
> 
> It is also more feasible to get a custom BIOS than it is to get a
> custom TPM chip.

Yup, I'm starting to get the feeling you're right.  TPM is a fun bit of
research, but it's so far removed from any practical application that I'm
struggling to justify it.

-- 
  Sam  http://samason.me.uk/
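
Added example, not part of the original message: a sketch of the "anything unknown in the TCB is treated as malicious" policy, applied to a simulated TPM 1.2 style measured boot (SHA-1 extend). The component names, the known-good set and the helpers boot() and appraise() are assumptions made for illustration; checking the signature on a real TPM quote is out of scope here.

```python
import hashlib

PCR_INIT = b"\x00" * 20  # a TPM 1.2 PCR starts as 20 zero bytes

def measure(blob: bytes) -> bytes:
    """Measurement of one TCB component: its SHA-1 digest."""
    return hashlib.sha1(blob).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()

def boot(components):
    """Simulate a measured boot; returns (event_log, final PCR value)."""
    log, pcr = [], PCR_INIT
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr

def appraise(event_log, reported_pcr, known_good):
    """Default-deny appraisal: returns (trusted, reasons).

    The machine is trusted only if every logged measurement is in the
    known-good set AND replaying the log reproduces the reported PCR.
    """
    reasons = []
    pcr = PCR_INIT
    for name, digest in event_log:
        pcr = extend(pcr, digest)
        if digest not in known_good:
            reasons.append(f"unknown measurement for {name}")
    if pcr != reported_pcr:
        # The log was edited after the fact, or does not match this boot.
        reasons.append("event log does not reproduce reported PCR")
    return (not reasons, reasons)

# Constructed sample data (hypothetical components, not real binaries).
GOOD_COMPONENTS = {
    "bootloader": b"bootloader v1",
    "kernel": b"kernel v1",
    "init": b"init v1",
}
KNOWN_GOOD = {measure(blob) for blob in GOOD_COMPONENTS.values()}

if __name__ == "__main__":
    log, pcr = boot(list(GOOD_COMPONENTS.items()))
    print(appraise(log, pcr, KNOWN_GOOD))
```

The PCR replay is what stops a compromised machine from simply presenting a clean-looking log: the log has to hash to the value the TPM reports.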



