Re: example: secure computing kernel needed

At 04:20 30/12/2003, David Wagner wrote:
> Ed Reed wrote:
> >There are many business uses for such things, like checking to see
> >if locked down kiosk computers have been modified (either hardware
> >or software),
>
> I'm a bit puzzled why you'd settle for detecting changes when you
> can prevent them.  Any change you can detect, you can also prevent
> before it even happens.
<skip>
I'm not sure I agree with your last statement. Consider a typical PC 
running some insecure OS and/or applications, which, as you said in earlier 
post, is the typical situation and threat. Since the OS is insecure and/or 
(usually) gives administrator priviledges to insecure applications, an 
attacker may be able to gain control and then modify some code (e.g. 
install trapdoor). With existing systems, this is hard to prevent. However, 
it may be possible to detect this by some secure monitoring hardware, which 
e.g. checks for signatures by the organization's IT department on any 
installed software. A reasonable response when such violation is 
detected/suspected is to report to the IT department (`owner` of the machine).

On the other hand I fully agree with your other comments in this area and 
in particular with...
...
> Summary: None of these applications require full-strength
> (third-party-directed) remote attestation.  It seems that an "Owner
> Override" would not disturb these applications.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@xxxxxxxxxxxx

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@xxxxxxxxxxxx