Re: Palladium and malware
Paul Crowley wrote:

> I'm informed that malware authors often go to some lengths to prevent their software from being disassembled. Could they use Palladium for this end? Are there any ways in which the facilities that Palladium and TCPA provide could be useful to a malware author who wants to frustrate legitimate attempts to understand and defeat their software?

That would depend on what facilities the OS layers on top of TCPA/Palladium. Certainly I could believe an OS would exist that would simply refuse read access to executables, and Palladium/TCPA could be used to encrypt them such that they were inaccessible except under that OS.

So, in short. Yes.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

Available for contract work.

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Palladium and malware
On 29 Aug 2002, Paul Crowley wrote:

> I'm informed that malware authors often go to some lengths to prevent their software from being disassembled. Could they use Palladium for this end? Are there any ways in which the facilities that Palladium and TCPA provide could be useful to a malware author who wants to frustrate legitimate attempts to understand and defeat their software?

If it provides the protections that copy-protection groups want (i.e., it can be used to prevent keys in their software from being read by other software) then yes, it can be used to prevent any code from being read by any software.

Bear

Re: Palladium and buffer over runs
On Thu, 29 Aug 2002, Frank Andrew Stevenson wrote:

> What is there to prevent that one single undisclosed buffer overrun bug in a component such as Internet Explorer won't shoot down the whole DRM scheme of Palladium? Presumably IE will be able to run while the machine is in a trusted state, but if the IE can be subverted by injecting compromising code through a buffer overrun, the security of DRM material that is viewed in one window could be compromised through malicious code that has been introduced through another browser window.

It's my understanding of Palladium that it can enforce a separate data space for applications by creating a memory space which is encrypted with a key known to only that application. Given that, I think a cracker could subvert IE normally, but that wouldn't result in any access to the protected space of any other applications. And as long as IE is actually separate from your OS (if you're running it on your Mac, or under WINE from Linux, for example), it shouldn't give him/her access to anything inside the OS.

Bear