On Fri, 9 Jan 2004, Bettina Martelli wrote:

> Hello, Roberto, Ludovic, and Jesse,
> hello list,
>
> Jesse I Pollard wrote:
>
> > On Thu, 8 Jan 2004, Ludovic Rousseau wrote:
> >
> >
> >>On Thursday 08 January 2004 at 16:57:33, Roberto Gassira' wrote:
> >>
> >>>On Thu, 8 Jan 2004, Jesse I Pollard wrote:
>
> >>>3) The integration of a kernel-level architecture and a user-level
> >>>   smart card interface is unsafe and impractical.
> >>
> >>That's still to be demonstrated.
> >>I don't know how you can use a Unix system if you don't trust at least
> >>some processes/programs in user space.
> >
> >
> > Problem has been worked on in much detail... Common Criteria, the US
> > Orange Book...
> >
> > The easiest is to use compartments and assigned roles with each controlled
> > executable with a label that determines access rights (both execute, read
> > OR write). Or the older access matrix using multi-level security
> > (compartments, and levels; augmented with roles).
> >
> may I also add ... TCPA?  ;-)
>
> It looks to me like an attempt to build a trusted linux
> with a smart card based TCM.
> Maybe a good idea, as an alternative to a fixed TPM.
> It's not a coincidence that Roberto cited Arbaugh, the one
> critic of TCPA who proposed a modification instead of the
> complete rejection of TCPA.

:-) ... Personally, I think TCPA is a MS get-out-of-jail due to their
inability to write a secure OS.

All the TCPA really does is implement a trusted kernel to run a
non-trusted OS (anybody recognize "microkernel" in this?). And prevent
ANY access to the system other than theirs.

And except for the boot procedure, I don't see any significant difference.

<paranoid mode on>MS wants to own the entire computer industry and outlaw
any programmers other than their own...</paranoid mode> :-)

The real vulnerability in TCPA is MS's own -- the first of these systems
that gets hacked will open ALL the other systems using it (when MS driven,
that is).

My major objection is that it requires handing over control of your system
to MS.

> on 08.01.04 16:57 Roberto Gassira' wrote:
>  >
>  > William Arbaugh et al. proposed an architecture that features a
>  > chain of verification of the integrity of the several levels of a system
>  > starting from the BIOS [2] (including the system kernel). They also
>  > improved this architecture allowing the usage of a smart card as key
>  > storage [3].
>  >
> ....
>  >
>  > [2] W. Arbaugh, D. Farber, J. Smith (1997)
>  > "A Secure and Reliable Bootstrap Architecture", Proceedings of 1997 IEEE
>  > Symposium on Security and Privacy, pp. 65--71

(I left this on for future reference :-)

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: [EMAIL PROTECTED]

Any opinions expressed are solely my own.
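The quoted Arbaugh architecture (each boot stage verifying the integrity of the next, with the reference values authenticated by a key held on a smart card) as a small added simulation; this is not code from the thread or from Arbaugh et al. The images, the chain order and the card key are constructed, and an HMAC stands in for whatever signature the card would really compute.

```python
import hashlib
import hmac

# Constructed images standing in for the BIOS, boot loader, kernel and init;
# a real chain would read these from flash, from disk and from the filesystem.
IMAGES = {
    "bios": b"BIOS v1.0 (constructed)",
    "bootloader": b"boot loader (constructed)",
    "kernel": b"kernel 2.4.x (constructed)",
    "init": b"/sbin/init (constructed)",
}
CHAIN = ["bios", "bootloader", "kernel", "init"]

# Secret assumed to live on the smart card; the host only sees MAC results.
CARD_KEY = b"constructed-card-key"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _payload(manifest) -> bytes:
    return "\n".join(f"{n}:{manifest[n]}" for n in CHAIN).encode()


def sign_manifest(images, key):
    """Build {stage: digest} and authenticate it with the card-held key."""
    manifest = {name: digest(img) for name, img in images.items()}
    return manifest, hmac.new(key, _payload(manifest), hashlib.sha256).hexdigest()


def manifest_ok(manifest, tag, key) -> bool:
    expected = hmac.new(key, _payload(manifest), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def verify_chain(images, manifest, tag, key):
    """Walk the chain: each stage measures the next before handing it control.
    Returns (boot_allowed, verified_stages, first_failure). The first stage
    is the assumed-trusted root and is not measured by anything above it."""
    if not manifest_ok(manifest, tag, key):
        return False, [], "manifest"
    verified = [CHAIN[0]]
    for nxt in CHAIN[1:]:
        if not hmac.compare_digest(digest(images[nxt]), manifest[nxt]):
            return False, verified, nxt  # halt here; later stages never run
        verified.append(nxt)
    return True, verified, None
```

A modified kernel stops the chain at the kernel step, and a manifest edited to match the modified kernel fails before any stage is trusted, because the edited manifest no longer verifies under the card key.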

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle