Palladium and buffer over runs
bear
bear at sonic.net
Thu Aug 29 13:07:51 EDT 2002
On Thu, 29 Aug 2002, Frank Andrew Stevenson wrote:
>
>What is there to prevent that one single undisclosed buffer overrun bug in
>a component such as Internet Explorer won't shoot down the whole DRM
>scheme of Palladium ? Presumably IE will be able to run while the machine
>is in a trusted state, but if the IE can be subverted by injecting
>compromising code through a buffer overrun, the security of DRM material
>that is viewed in one window could be compromised through malicious code
>that has been introduced through another browser window.
It's my understanding of Palladium that it can enforce a separate
data space for applications by creating a memory space which is
encrypted with a key known to only that application.
Given that, I think a cracker could subvert IE normally, but that
wouldn't result in any access to the protected space of any other
applications. And as long as IE is actually separate from your
OS (if you're running it on your Mac, or under WINE from Linux,
for example), it shouldn't give him/her access to anything
inside the OS.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list