Ross's TCPA paper

Hadmut Danisch hadmut at danisch.de
Fri Jul 5 10:20:02 EDT 2002


On Thu, Jul 04, 2002 at 10:54:34PM -0700, Lucky Green wrote:
> 
> Sure you can use shell scripts. Though I don't understand how a shell
> script will help you in obtaining a dump of the protected data since
> your script has insufficient privileges to read the data. Nor can you
> give the shell script those privileges since you don't have supervisor
> mode access to the CPU. How does your shell script plan to get past the
> memory protection?
> 


That's why I was talking about a shell script (or take any
other program to be interpreted).

What needs to be certified: the shell or the shell script?
The CPU doesn't recognize the shell script as a program; this
is just some plain data entered through the keyboard, like
writing a letter. A shell script is not a program, it is
data entered at a program's runtime.

This moves one step forward:

The hardware (palladium chip, memory management, etc.) can
check the binary program to be loaded. So you won't be able
to run a compiled program and to access protected information.

But once certified software is running, it takes input
(reading mouse, keyboard, files, asking DNS, connecting to
servers, ...). This input might cause (by interpretation, by
bug or however) the certified software to do certain things
which do not comply with DRM requirements.

At this stage, the running binary software itself is the
instance to provide the DRM security, not the palladium 
memory management anymore. 

I agree that this is not yet an "open sesame", but it shows
that the game does not play on the binary/memory management
layer only.

But who controls runtime input?

History shows that M$ software is anything but able
to deal with malicious input. That's why the world is
using virus filters. That's nothing else than an external
filter to keep malicious input from an attacker away
from the running software.

By analogy, Palladium might require the same: an input
filter between attacker and running software. Since the
"attacker" is sitting in front of the computer this time,
this filter has to be applied to the user interface,
keyboard and mouse.

Maybe they'll install a filter between the keyboard and
the software, thus building a certified keyboard, which
filters out any malicious key sequences. And maybe you
can use your keyboard only if you have downloaded the
latest patterns (like your daily virus filter update).

I agree that this depends on the assumption that 
the certified software is not perfect and can't
deal with arbitrary input. But that's reality.

Hadmut
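As an added illustration of the shell-versus-shell-script question raised in the post above (example code, not part of the original message): a TPM-style measurement that hashes only the loaded binary yields the same value no matter which script the interpreter is fed, while a measurement that also extends the register with the interpreted input lets a verifier distinguish them. The interpreter bytes and both scripts are constructed sample data; `pcr_extend` models the TPM extend operation, and the measurement functions and allow-list are hypothetical.

```python
import hashlib

# Constructed stand-ins: the bytes of an interpreter binary and two
# scripts that the same interpreter might be asked to run.
INTERPRETER = b"constructed sample bytes standing in for a shell binary"
BENIGN_SCRIPT = b"echo 'render the licensed document'\n"
OTHER_SCRIPT = b"echo 'a different command sequence'\n"

# A TPM platform configuration register starts as all zero bytes.
INITIAL_PCR = bytes(32)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new_pcr = H(old_pcr || H(component)).

    The register can only be extended, never set, so the final value
    depends on every component measured and on their order.
    """
    return sha256(pcr + sha256(component))


def measure_binary_only(interpreter: bytes, script: bytes) -> bytes:
    """Hypothetical loader that measures the binary it loads and treats the
    script as ordinary runtime input, exactly the gap the post describes."""
    return pcr_extend(INITIAL_PCR, interpreter)


def measure_binary_and_input(interpreter: bytes, script: bytes) -> bytes:
    """Hypothetical loader that also extends the register with the script,
    so the attested state reflects what the interpreter was told to do."""
    pcr = pcr_extend(INITIAL_PCR, interpreter)
    return pcr_extend(pcr, script)


def attestation_accepts(pcr: bytes, known_good: set) -> bool:
    """Verifier side: a platform is trusted only if its register value is
    one of the configurations the verifier has approved in advance."""
    return pcr in known_good


if __name__ == "__main__":
    known_good = {measure_binary_and_input(INTERPRETER, BENIGN_SCRIPT)}
    for name, script in (("benign", BENIGN_SCRIPT), ("other", OTHER_SCRIPT)):
        full = measure_binary_and_input(INTERPRETER, script)
        print(f"{name}: binary-only={measure_binary_only(INTERPRETER, script).hex()[:16]} "
              f"with-input={full.hex()[:16]} accepted={attestation_accepts(full, known_good)}")
```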
---------------------------------------------------------------------
The Cryptography Mailing List