Sorry for the confusion here, just missed the e (willingly or subconscious, who knows :)) Of course I meant Flicker.
It reads as if it would include shared libraries. And certainly they need to address this issue some way or another. However, for my understanding the manifest is a payload in the applications header, which contains a signed list of integrity values of the applications data and code. It further states in http://www.ddj.com/mobile/218401423?pgno=3 : "If there are relocation symbols in the application (for example, a dynamically loadable library) then those are captured in the manifest to aid in runtime measurement." So I assume you need a DLL which in itself has a manifest. But I suspect that this potentially could would snowball until almost the whole OS is "sucked" into the p-map environment. Maybe someone with better knowledge of the project could clarify here? Also, I was wondering if there is any isolation of simultaneously running protected applications? Assuming any developer could deliver an application and or library with a manifest, a malicious and a protected application would potentially run in the same "protected" environment! Well and the consequences are obvious.. cheers lIl -------- Original-Nachricht -------- > Datum: Wed, 22 Jul 2009 10:28:37 -0700 > Von: Hal Finney <hal.fin...@gmail.com> > An: Lil Evil <lil_e...@gmx.de> > CC: tboot-devel@lists.sourceforge.net > Betreff: Re: [tboot-devel] Intel\'s P-MAPS research project > On Tue, Jul 21, 2009 at 6:20 AM, Lil Evil<lil_e...@gmx.de> wrote: > > There are many different projects with similar goals out there: > > BitVisor(sourcecode available somewhere) or Daonity and of course > flickr, probably more that I am not aware of. > > They all seem to target a particular use case and scenario. > > > > Cutting out Operating System is certainly an elegant and interesting > solution. However, I think in its current form and function it is limited. > > You cannot use shared libraries and there is still the issue with the > trusted graphics to be solved. > > > > Just some thoughts .... > > lIl > > Hi Lil, thank you for the pointers to those other projects, I will > look at them more. I was a little confused about the mention of > flickr, the photo sharing site, not where you'd expect to find the > cutting edge of hypervisor research. But then I realized you meant Jon > McCune's Flicker, which I agree is a very advanced implementation > along these lines. > > I have the impression that P-MAPS can handle shared libraries. Reading > some of the older papers by the same author(s), which used a variety > of technologies to provide "ring -1" protection to application data, > there is discussion of a signed "manifest" which describes what should > be in an executable, and which includes relocation information > necessary because the dynamic loader will move things around in > memory. I think this would be specific to shared libraries, but I'm > not sure. > > Unfortunately it appears that the Intel research blog site I linked to > is kind of inactive, with no posts or updates for a month. Comments > have to be approved; mine hasn't appeared after more than a week, and > in fact no comments have been approved for the past month. Maybe the > site administrator is on vacation, or maybe all of Intel shuts down > during July? :) > > Hal > > ------------------------------------------------------------------------------ > _______________________________________________ > tboot-devel mailing list > tboot-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tboot-devel -- Neu: GMX Doppel-FLAT mit Internet-Flatrate + Telefon-Flatrate für nur 19,99 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02 ------------------------------------------------------------------------------ _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
