Cryptogram: Palladium Only for DRM

[Bill Frantz]

At 11:02 PM -0700 9/16/02, David Wagner wrote:
>AARG!Anonymous  wrote:
>>David Wagner writes:
>>> Standard process separation, sandboxes, jails, virtual machines, or other
>>> forms of restricted execution environments would suffice to solve this
>>> problem.
>>
>>Nothing done purely in software will be as effective as what can be done
>>when you have secure hardware as the foundation.
>
>I wasn't thinking of pure software solutions.  I was thinking of a
>combination of existing hardware + new software: use the MMU to provide
>separate address spaces, and use a secure VM or OS kernel to limit what
>those processes can do.  As far as I can see, this can provide just as
>much protection against viruses for your bank account as Palladium can.

The KeyKOS work <http://www.cis.upenn.edu/%7EKeyKOS/> shows an approach to
using existing hardware protection (in the case of KeyKOS, the protection
available in the IBM 370 hardware) to building a system that is very
resistant to Trojan horses and Virii.  A very closely related open source
OS is Eros <http://www.eros-os.org/>.

Use of these technologies is illustrated by "A Security Analysis of the
Combex DarpaBrowser Architecure" by David Wagner & Dean Tribble
<http://www.combex.com/papers/darpa-review/index.html> and a presentation
at the O'Reilly Emerging Technology Conference, "The E Development
Platform: Exploiting Virus-Ridden Software"
<http://conferences.oreillynet.com/cs/et2002/view/e_sess/2223>.

Cheers - Bil


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com