Hello, Roberto, Ludovic, and Jesse, hello list,
Jesse I Pollard wrote:
On Thu, 8 Jan 2004, Ludovic Rousseau wrote:
On Thursday 08 January 2004 at 16:57:33, Roberto Gassira' wrote:
On Thu, 8 Jan 2004, Jesse I Pollard wrote:
may I also add ... TCPA? ;-)
3) The integration of a kernel-level architecture and a user-level smart card interface is unsafe and unpractical.
That's still to be demonstrated. I don't know how you can use a Unix system if you don't trust at least some processes/programs in user space.
Problem has been worked on in much detail... Common Criteria, the US Orange Book...
The easiest is to use compartments and assigned roles with each controlled executable with a label that determines access rights (both execute, read OR write). Or the older access matrix using multi-level security (compartments, and levels; augmented with roles).
It looks to me like an attempt to build a trusted Linux with a smart card based TCM. Maybe a good idea, as an alternative to a fixed TPM. It's not a coincidence that Roberto cited Arbaugh, the one critic of TCPA who proposed a modification instead of the complete rejection of TCPA.
on 08.01.04 16:57 Roberto Gassira' wrote:
> William Arbaugh et al. proposed an architecture that features a
> chain of verification of the integrity of the several levels of a system
> starting from the BIOS [2] (including the system kernel). They also
> improved this architecture allowing the usage of a smart card as key
> storage [3].
> ....
>
> [2] W. Arbaugh, D. Farber, J. Smith (1997)
> "A Secure and Reliable Bootstrap Architecture", Proceedings of 1997 IEEE
> Symposium on Security and Privacy, pp. 65--71
Yes. That's an interesting discussion I think.

Cheers
Bettina Martelli
