example: secure computing kernel needed

Stefan Lucks lucks at th.informatik.uni-mannheim.de
Fri Dec 12 08:15:17 EST 2003


On Wed, 10 Dec 2003, John S. Denker wrote:

> Scenario:  You are teaching chemistry in a non-anglophone
> country.  You are giving an exam to see how well the
> students know the periodic table.
>   -- You want to allow students to use their TI-83 calculators
>      for *calculating* things.
>   -- You want to allow the language-localization package.
>   -- You want to disallow the app that stores the entire
>      periodic table, and all other apps not explicitly
>      approved.

First "Solution": Erase and load by hand
========================================

What would be wrong with
  1. erasing the memories of the students' calculators
  2. loading the approved apps and data
immediately before the exam? (I assume the students can't load
un-approved applications during the exam.)

(This is what some of our teachers actually did when I went to school.
 Since there were no approved apps and data, step 2 was trivial. ;-)


> The hardware manufacturer (TI) offers a little program
> that purports to address this problem
>    http://education.ti.com/us/product/apps/83p/testguard.html
> but it appears to be entirely non-cryptologic and therefore
> easily spoofed.

Why?


2. "Solution": testguard and the like
=====================================

  1. Load and
  2. run
a trusted application with full access to all resources (including storage
for applications and data, and CPU time, thus blocking all the other stuff
which might be running in parallel), nothing can prevent this application
from deleting all non-approved applications and data.

I am not sure what testguard actually does, but the above is what it
*should* do.

The existence of a trusted kernel would only complicate things, not
simplify them. (You would have to make sure that your application is running
in the highest privilege mode ...)


I think both of my proposed "solutions" would actually solve your
problem. Else, please describe your threat model!

Without understanding your problem, no cryptographer can provide any
solution. And if (given a proper definition of the problem) it turns out
that there is a non-cryptographic solution which works -- so what?


-- 
Stefan Lucks      Th. Informatik, Univ. Mannheim, 68131 Mannheim, Germany
            e-mail: lucks at th.informatik.uni-mannheim.de
            home: http://th.informatik.uni-mannheim.de/people/lucks/
------  I  love  the  smell  of  Cryptanalysis  in  the  morning!  ------
