Re: Palladium and malware

2002-09-04 Thread Bill Frantz

At 9:00 PM -0700 8/30/02, Nomen Nescio wrote:
> Bill Frantz writes, regarding the possibility that the Palladium
> architecture could be designed to resist the use of encrypted
> code:
>
> > All general purpose computers require a way to move data space to code
> > space to support compilation.
>
> Well, this is usually done by storing the data to the disk, and
> then later loading it as a program file.  It does not prevent data
> and code memory from being distinct, which was the proposal for how
> Palladium could reduce the risk of being used to run encrypted code.
> If a Palladium program was forced to go through the disk, that is, to
> load data, decrypt it, store it to the disk, and then load it as code,
> then that would provide a means to get access to the unencrypted code,
> defeating the goal of keeping the code within the vault.

Usually, but not always.  Just-in-time compilation systems take interpreted
code sequences and compile them, in RAM, to machine instructions.  A number
of Java virtual machines make use of this technique.  More relevant, it is
also applicable to some of the Microsoft languages.

> > Even if you don't allow compilation, most
> > modern systems have enough different powerful scripting languages that
> > interpretation is sufficient to support viruses.
>
> It's not clear why these languages would use the Palladium features and
> run their scripts in the shielded mode.  But you're right that if they
> did, this could provide a mechanism for disassembly-resistant code.

Well, some vendors might want to protect their scripts.  Just because a
program is written in an interpreted language instead of a compiled
language doesn't mean that vendors don't want to protect their code.  There
is an active market in Java obfuscators for just this reason.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Re: Palladium and malware

2002-08-30 Thread Derek Atkins

Bill Frantz [EMAIL PROTECTED] writes:

> All general purpose computers require a way to move data space to code
> space to support compilation.  Even if you don't allow compilation, most
> modern systems have enough different powerful scripting languages that
> interpretation is sufficient to support viruses.

application/shell anyone?  (Yes, some Mail-readers actually
implement this!)

> Cheers - Bill

-derek

-- 
   Derek Atkins
   Computer and Internet Security Consultant
   [EMAIL PROTECTED] www.ihtfp.com




Re: Palladium and malware

2002-08-29 Thread Ben Laurie

Paul Crowley wrote:
> I'm informed that malware authors often go to some lengths to prevent
> their software from being disassembled.  Could they use Palladium for
> this end?  Are there any ways in which the facilities that Palladium
> and TCPA provide could be useful to a malware author who wants to
> frustrate legitimate attempts to understand and defeat their software?

That would depend on what facilities the OS layers on top of 
TCPA/Palladium. Certainly I could believe an OS would exist that would 
simply refuse read access to executables, and Palladium/TCPA could be 
used to encrypt them such that they were inaccessible except under that OS.

So, in short. Yes.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff





Re: Palladium and malware

2002-08-29 Thread bear



On 29 Aug 2002, Paul Crowley wrote:

> I'm informed that malware authors often go to some lengths to prevent
> their software from being disassembled.  Could they use Palladium for
> this end?  Are there any ways in which the facilities that Palladium
> and TCPA provide could be useful to a malware author who wants to
> frustrate legitimate attempts to understand and defeat their software?

If it provides the protections that copy-protection groups want
(ie, it can be used to prevent keys in their software from being
read by other software) then yes, it can be used to prevent any
code from being read by any software.

Bear






Palladium and malware

2002-08-28 Thread Paul Crowley

I'm informed that malware authors often go to some lengths to prevent
their software from being disassembled.  Could they use Palladium for
this end?  Are there any ways in which the facilities that Palladium
and TCPA provide could be useful to a malware author who wants to
frustrate legitimate attempts to understand and defeat their software?
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.ciphergoth.org/
