example: secure computing kernel needed
Paul A.S. Ward
pasward at ccng.uwaterloo.ca
Thu Dec 11 19:25:51 EST 2003
I'm not sure why no one has considered the PC banking problem to be a
justification for secure computing. Specifically, how does a user know
their computer has not been tampered with when they wish to use it for
banking access?
Paul
John S. Denker wrote:
> Previous discussions of secure computing technology have
> been in some cases sidetracked and obscured by extraneous
> notions such as
> -- Microsoft is involved, therefore it must be evil.
> -- The purpose of secure computing is DRM, which is
> intrinsically evil ... computers must be able to
> copy anything anytime.
>
> Now, in contrast, here is an application that begs for
> a secure computing kernel, but has nothing to do with
> Microsoft and nothing to do with copyrights.
>
> Scenario: You are teaching chemistry in a non-anglophone
> country. You are giving an exam to see how well the
> students know the periodic table.
> -- You want to allow students to use their TI-83 calculators
> for *calculating* things.
> -- You want to allow the language-localization package.
> -- You want to disallow the app that stores the entire
> periodic table, and all other apps not explicitly
> approved.
>
> The hardware manufacturer (TI) offers a little program
> that purports to address this problem
> http://education.ti.com/us/product/apps/83p/testguard.html
> but it appears to be entirely non-cryptologic and therefore
> easily spoofed.
>
> I leave it as an exercise for the reader to design a
> calculator with a secure kernel that is capable of
> certifying something to the effect that "no apps and
> no data tables (except for ones with the following
> hashes) have been accessible during the last N hours."
>
> Note that I am *not* proposing reducing the functionality
> of the calculator in any way. Rather I am proposing a
> purely additional capability, namely the just-mentioned
> certification capability.
>
> I hope this example will advance the discussion of secure
> computing. Like almost any powerful technology, we need
> to discuss
> -- the technology *and*
> -- the uses to which it will be put
> ... but we should not confuse the two.
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
--
----------------------------------------------------------------------------
Paul A.S. Ward, Assistant Professor Email: pasward at ccng.uwaterloo.ca
University of Waterloo pasward at computer.org
Department of Computer Engineering Tel: +1 (519) 888-4567 ext.3127
Waterloo, Ontario Fax: +1 (519) 746-3077
Canada N2L 3G1 URL: http://www.ccng.uwaterloo.ca/~pasward
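
A minimal sketch of the certification Denker poses as an exercise, added here as an example (not code from either poster or from TI): a hypothetical secure kernel tracks which items were accessible and issues a nonce-bound statement that a verifier checks against an allowlist of hashes. `Kernel`, `verify`, the key and the sample blobs are assumed names and constructed values, and HMAC stands in for the signature a real device would make with a key sealed in hardware.

```python
import hashlib, hmac, json

DEVICE_KEY = b"constructed-demo-key"      # assumption: known only to the kernel
LOCALE = b"language-localization package" # constructed sample items
TABLE = b"periodic table app"

def h(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def _tag(key: bytes, body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, "sha256").hexdigest()

class Kernel:
    """Hypothetical secure kernel: every install/remove goes through it."""
    def __init__(self, key: bytes):
        self._key = key
        self._items = {}                  # digest -> time removed (None = present)

    def install(self, now: int, blob: bytes):
        self._items[h(blob)] = None

    def remove(self, now: int, blob: bytes):
        self._items[h(blob)] = now

    def certify(self, now: int, hours: int, nonce: str) -> dict:
        # An item counts as accessible in the window if it is still present
        # or was removed after the window opened, whenever it was installed.
        since = now - hours * 3600
        seen = sorted(d for d, gone in self._items.items()
                      if gone is None or gone > since)
        body = {"nonce": nonce, "hours": hours, "seen": seen}
        return {"body": body, "tag": _tag(self._key, body)}

def verify(cert: dict, key: bytes, nonce: str, hours: int, allowed: set) -> bool:
    body = cert["body"]
    if not hmac.compare_digest(_tag(key, body), cert["tag"]):
        return False                      # statement forged or altered
    if body["nonce"] != nonce or body["hours"] < hours:
        return False                      # replayed, or window too short
    return set(body["seen"]) <= allowed   # nothing outside the approved hashes
```

The nonce is chosen by the examiner at the moment of the check, so a statement recorded earlier cannot be replayed.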