Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Looking at Alternatives to Palladium

Posted by CowboyNeal on from the trust-and-distrust dept.

An anonymous reader writes "Some folks at Stanford have been looking at an alternative architecture for doing trusted computing (ala Palladium) based on using Virtual Machines. They presented a brief paper describing their work a couple weeks ago at the USENIX Workshop on Hot Topics in Operating Systems . In their paper they also discuss a bunch of non-DRM applications of Trusted Computing such as distributed firewalls, improving P2P security, preventing DDOS, and even strengthening civil liberty protections."

17 of 221 comments (clear)

  1. DRM is not automatically bad! by Thinkit3 · · Score: 3, Interesting

    One good example is the google puzzle contest I'm sure many tried. You downloaded the .pdf before, and got a password when the time started. While nobody should go to jail for cracking the password, it was an example of a good (not evil) use of DRM.

    --
    -Libertarian secular transhumanist
  2. Vulgar Slang by jabbadabbadoo · · Score: 3, Interesting
    palÂlaÂdiÂum2 ( P ) Pronunciation Key (p-ld-m)

    1) A safeguard, especially one viewed as a guarantee of the integrity of social institutions: the Bill of Rights, palladium of American civil liberties.

    2) A sacred object that was believed to have the power to preserve a city or state possessing it.

    I believe that city is called Microsoft.
    "Bill of Rights"... whaaaahahaha.
    ---
    At any rate, I have only one more word to say about Palladium. You can read all about that word here

  3. Faking out Palladium? by Asprin · · Score: 4, Interesting


    Moreso, would it be possible to fake out Palladium-dependent software by running it in an emulator that simulates the undelying Palladium subsystem?

    What does a program REALLY KNOW about where it lives?

    Wow, This is JUST like "The Matrix".

    --
    "Lawyers are for sucks."
    - Doug McKenzie
    1. Re:Faking out Palladium? by interiot · · Score: 2, Interesting

      A program doesn't necessarily know where it lives, but it is possible to tell if it's talking to a black box that's been signed by Intel's private key, which is probably good enough.

    2. Re:Faking out Palladium? by toasted_calamari · · Score: 2, Interesting

      ah yes, it probably would be possible, but then, you would be "circumventing a security device" and would surly get sued under the DMCA.

      That said, palladium will probably be cracked/reverse engineered withing months or weeks of its release. at which point, microsoft will blow a head gasket and demand the immediate execution of whoever is responsible.

      We need to fight this technology. I know it will be possible to turn it off at first, but this will surely cease to be possible. what palladium and other DRM technologies do is restrict the ability to freely use your own property.

      Imagine owning a grill that only allowed you to grill meat produced by Boars Head. Now imagine that it is also possible to insert a small piece of paper in a slit near the handle that just happened to turn off this restriction. now, imagine that doing this, or telling others that it can be done is a crime. This is what the DMCA and DRM technologies do.

      If people do not object to these technologies, they will surely be implemented, this implementation would be absolutly devistating to the free/open source community and must be stopped.

      --
      Let's make a difference
  4. Re:Too bad... by 56ker · · Score: 2, Interesting

    It's not usually a case of which one matters (which is subjective) but the case of which one is most popular. As with Windows - if something becomes popular it can have a runaway success.... people trust computers too much at the moment anyway - most don't understand gigo and assume that information on a computer is infallible. :/

    --


    Video Game cheats, hints a
  5. Other uses.. by Ancil · · Score: 2, Interesting
    In their paper they also discuss a bunch of non-DRM applications of Trusted Computing
    I can think of one off the top of my head: Trusted clients for multiplayer games.
  6. Viva la Alternatives by curtlewis · · Score: 3, Interesting

    With all the security patches MS has each week, I must admit I found it rather amusing that they were propsing a secure computing standard with Paladium.

    Personally, I don't think they can pull it off. But with Stanford looking into an alternative now, this means we'll at least have choices down the line. And I'm sure that both sides will look at what each other does and rip off the good ideas.

    Security is important and a verifiable identity is as well. Not just for e-commerce applications, either. Even such simple issues as banning some nimrod that wants to post stupidity on your board can be solved by a solid identity model.

    Hopefully, one of em will pull it off.

  7. Re:There's nobody stoping... by Geek+of+Tech · · Score: 3, Interesting
    DRM lets you send stuff to people you don't trust, because you trust that the software will prevent the people you do not trust from taking actions you wish to prevent.

    Well ya, you're right, but in the case it's be used, we are the people the RIAA, MPAA and everyone else doesn't trust. We, being anyone with any form of access to a computer.

    So the question (or just one of the main) is, Why should I invest in a platform that will keep me from copying/burning/reading/deleting/modifing/anything else you could possible ever want to do you data? Do I want to plainly accept the fact that people selling me content dont trust me to get out the Wal-mart parking lot without trying to steal their intellectual property?

    Digital Rights Management is nothing of the kind. In all honesty, it is Digital Rights Prevention.

    --
    Stop the Slashdot effect! Don't read the articles!
  8. You forgot a BIG part of computer history by AtariAmarok · · Score: 4, Interesting

    "Computers started out simplistic, under the user's complete control..."

    No, they started out controlled by men in white coats in clean rooms.

    The microcomputer and PC revolution changed all this.

    The regressive trend back to "Master Control" started with Scott McNelly of Sun Microsystems. I remember when he first laid out his grand vision of returning everything to central control via the Internet. Java was part of this. Microsoft copied the rhetoric, announcing a time when your Word app and even your Word docs would all be on Microsoft's central servers.

    --
    Don't blame Durga. I voted for Centauri.
  9. Call my a pessimist, but... by DarkVein · · Score: 2, Interesting

    I find this branch of research and publication somewhat disturbing. As legitimate, morally appealing, uses for this technology appear, the opposition should become less vehemently opposed to the technology. It's the rational reaction for rational people. If you still oppose it, you're probably irrational.

    We're capitalists, however. Civil liberties have not been terribly profitable products in the past. The old-world investors will not invest in end-point civil liberties protection technologies, and will continue to put on blinders to the true value in information networks--their end-points.

    However, perhaps one or two capitalists out there has realized that (1) networks have no inherent value or use on their own, and (2) people are terrified of being ruled by any network. There's a fucking market for civil liberty weapons: tools to defend end-points, tools to protect individual's rights to connect and communicate with any other end-points, tools to insure security and authenticity between any two or more individuals. Justin Frankel's "Waste" is a beautiful start.

    On a related, but off-topic tangent, I've got a new buzz-word: Intellectual Macro-Economics, a way to increase the value of the US dollar.

    Here's how it works, in magic-bullet glory: Article 1, Section 8, of the US Constitution provides Congress with the power to increase the artists and scientific wealth of the US, providing a mechanism for doing so (limited terms). The concept is to increase the unlimited common wealth of the US (and probably Humanity), by encouraging the creation of new works. For the last 20 years our cultural wealth has been depleted by private interests, looting the cultural commons, robbing us of the creative wealth to build with. In this, the copyright law is our asset which has been mis-managed, and stopped delivering our wealth. To increase our national cultural wealth, require the creation of new works, and consequently increase foreign confidence in the US dollar, increasing its exchange value, we must repair copyright, patent, and trademark law so that the commons will resume growing, and an immediate idea-influx (through a retro-active term truncation) would have massive midterm-longterm beneficial effects.

    Another aside. One side of the IP arguement sees the limited terms as the promotion of progress. The other side (ours, and the one that wrote the damned Constitution) sees the progress as the effect of limited terms: an increase in common intellectual wealth, with a "necessary evil" to promote the production of those works. Bleh. Communications barriers. And you thought it was so fucking obvious, didn't you?

    --

    I'm as mimsy as the next borogove but your mome raths are completely outgrabe.

  10. One posible alternative is ... by bigjocker · · Score: 3, Interesting

    ... not to use any DRM at all ...

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
  11. Re:There's nobody stoping... by Amazing+Quantum+Man · · Score: 4, Interesting

    No, I want to talk about the RIAA and MPAA. Specifically the MPAA.

    I saw an ad for a DVD that said "Own [some movie] today on DVD". It did not say, "License [some movie]".

    Therefore, they are selling me a copy of that movie. By the doctrine of First Sale, it is mine to do with as I wish, including cracking the CSS or region coding, folding, spindling, or mutilating, reselling to someone else.

    The only thing that I may not do is reproduce it for other people, since I don't hold the copyright.

    --
    Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  12. Trust is a good thing by philipborlin · · Score: 2, Interesting
    The technologies that this paper are discussing do not take away our abilities to choose who we trust, they simply gives providers of a service a way to choose who they trust. Sure microsoft and the *aa groups are providing services and will use this technology to limit the way we use their services. But that does not take away our privledge to use other services that are less restrictive. It also allows us (the OSS community) to build tools (such as P2P sharing apps) that keep them out.

    So they build their network apps, we build our network apps. Ours are more fun and now can't be spammed, DDOSed, or any of the other nasty things they try.

    Not any scarier, just more polarized.

  13. Bob was an OS?? by freeweed · · Score: 2, Interesting

    I naively thought that Microsoft's main operating system was Windows - you know, that thing that runs on 90-something percent of desktops worldwide?

    Wasn't Bob basically Clippy the first?

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  14. Security through overworking crackers by Olathe · · Score: 2, Interesting

    I did RTFA and what this boils down to is what it says near the end: "Note that our threat model excludes compromise of the underlying tamper-resistant hardware...". Palladium has the same trouble.

    Security through obscurity-and-a-bunch-of-hard-work-to-break-it. Basically, the first time anyone skilled figures out the algorithms for the hardware, they can help someone make an emulator.

    Then, all you need is the key any "trusted" computer uses. So, you brute force crack your own computer's key by having it encrypt or sign some communique to some "trusted" server out there. Then, you intercept the communique. Since you know the algorithms, you try encrypting or signing the communique with different keys until you find a key that results in a match.

    Once you have your key and your emulator, you can look at what any program on your computer is doing, change whatever the hell you want, and cause whatever "mischief" you want. Want a DRMed MP3 unDRMed so that everyone on the Internet can have a copy ? Go right ahead. You could probably make a program to automate the process. Want to change something a "trusted" program is sending to a server ? Go right ahead.

  15. That can be cracked by Olathe · · Score: 2, Interesting

    Let me keep it short :

    Palladium emulator + the cracked private key for my machine = sharable data

    Send both to a friend. Send him whatever data you want. Through the miracle of trusted computing, you can trust that he can read the data.