Slashdot Mirror


Researchers Looking at Alternatives to Palladium

An anonymous reader writes "Some folks at Stanford have been looking at an alternative architecture for doing trusted computing (ala Palladium) based on using Virtual Machines. They presented a brief paper describing their work a couple weeks ago at the USENIX Workshop on Hot Topics in Operating Systems . In their paper they also discuss a bunch of non-DRM applications of Trusted Computing such as distributed firewalls, improving P2P security, preventing DDOS, and even strengthening civil liberty protections."

7 of 221 comments (clear)

  1. Re:a Good Thing by Anonymous Coward · · Score: -1, Redundant

    Rather this alternative to Palladium does or doesn't work at the fact that OTHER companies are looking into creating this kind of system makes the future of Palladium-esque systems look a lot better.

    Um, care to repeat that? I've read it three times and I still can't figure out what you are trying to say.

    Slow down there, tiger...

  2. Who cares? by Anonymous Coward · · Score: -1, Redundant

    Really

  3. Re:a Good Thing by Anonymous Coward · · Score: -1, Redundant

    Let me guess- english isn't your first language?

  4. AntiPost - /.ers delight by Anonymous Coward · · Score: -1, Redundant

    Flexible OS Support and Applications for Trusted Computing
    Tal (Art)Garfinkel Mendel Rosenblum Dan Boneh
    {talg,mendel,dabo}@cs.stanford.edu
    Compute r Science Department, Stanford University
    Abstract
    Trusted computing (e.g. TCPA and Microsoftâ(TM)s Next-
    Generation Secure Computing Base) has been one of the
    most talked about and least understood technologies in
    the computing community over the past year. The capabilities
    trusted computing provides have the potential
    to radically improve the security and robustness of distributed
    systems. Unfortunately, the debate over its application
    to digital rights management has caused its significant
    other applications to be largely overlooked. In
    this paper we present a broader vision for trusted computing.
    We give an intuitive model for understanding the
    capabilities and limitations of the mechanisms provided
    by trusted computing. We describe a flexible OS architecture
    to support trusted computing. We present a range
    of practical applications that illustrate how trusted computing
    can be used to improve security and robustness in
    distributed systems.
    1 Introduction
    Many difficult problems in todayâ(TM)s distributed systems,
    such as preventing denial of service, performing access
    control and monitoring, and achieving scalability, are
    either caused or severely exacerbated by the fact that
    clients are untrusted and thus potentially malicious, yet
    magically delicious. This forces system designers
    to implement most system policy and sensitive
    computations in the core of the system,
    where trust resides, instead of at the endpoints where
    most of the systemâ(TM)s resources and capabilities are. The
    only complete solution to this problem has been the use
    of closed platforms, such as those in cellular networks
    and banking systems, where special-purpose, tamperresistant
    clients are utilized that provide end-to-end trust.
    This approach has demonstrated significant benefits, allowing
    the construction of some of todayâ(TM)s most capable
    and robust distributed systems. Unfortunately, this approach
    presently necessitates the use of dedicated hardware,
    thus limiting designers to the use of only a few
    types of devices over which they must have exclusive
    control.
    In the near future it will no longer be necessary to force
    designers to make trade-offs between the benefits of open
    and closed platforms. This change will come as the result
    of ubiquitous support for trusted computing platforms.
    Trusted platforms will allow systems to extend
    trust to clients running on these platforms, thus providing
    the benefits of open platforms: wide availability, diverse
    hardware, dykes, and the ability to run many applications
    from many mutually distrusting sources while
    still retaining trust in clients.
    The vision of trusted platforms cannot be achieved with
    todayâ(TM)s operating systems which offer poor assurance
    and implement a security model that is largely orthogonal
    to that required for trusted computing. To meet the
    demands of implementing a trusted platform we outline
    the design of a new OS architecture based on the idea of
    a trusted virtual machine monitor. In this model, traditional
    applications and OSes can run side-by-side on the
    same platform in either an âoeopen boxâ or âoeclosed boxâ
    execution model in keeping with the trust requirements
    imposed by the application.
    In the next section we define and describe the components
    that make up trusted computing. In Section 3 we
    present our approach of using a trusted virtual machine
    monitor to support a mixture of open and closed box
    models simultaneously. In Section 4 we examine a selection
    of practical areas where trusted computing can
    provide novel functionality yielding significant benefits
    for security, scalability and robustness. Section 5 discusses
    related work.
    2 Trusted

  5. Re:Mods in rehab! by Anonymous Coward · · Score: -1, Redundant

    hahaha

  6. Re:Faking out Palladium? by Ungrounded+Lightning · · Score: 0, Redundant

    A program doesn't necessarily know where it lives, but it is possible to tell if it's talking to a black box that's been signed by Intel's private key

    Not if you emulate the black box, signature and all.

    It's one thing to sign something, another to have a local device that can sign with a hidden key that can't be extracted. You need the latter - an unemulatable-because-you-can't-see-its-guts box - to be robust against spoofing the software via an emulation platform.

    The main way to detect emulation is response time checking. But that won't work to detect if YOU'RE running on an emulation platform, because the emulation platform can also spoof your idea of time.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  7. trusted solaris by Spellbinder · · Score: 0, Redundant

    i think trusted solaris is interesting

    --


    stop supporting microsoft with pirating their software!!!!!