An attack on paypal --> secure UI for browsers

[Peter Gutmann]

Nomen Nescio <nobody at dizum.com> writes:

>I don't see how this is going to work.  The concept seems to assume that
>there is a distinction between "trusted" and "untrusted" programs. But in the
>NGSCB architecture, Nexus Computing Agents (NCAs) can be written by anyone.
>If you've loaded a Trojan application onto your machine, it can create an NCA,
>which would presumably be eligible to put up a "trusted" window.
>
>So either you have to configure a different list of doggie names for every
>NCA (one for your banking program, one for Media Player, one for each online
>game you play, etc.), or else each NCA gets access to your Secret Master List
>of Doggie Names.  The first possibility is unmanageable and the second means
>that the trustedness of the window is meaningless.

Maybe MS will implement something like the secure attention key in the old VAX
A1 VMM (Ctrl-Alt-Del already serves this purpose for logins) which gives you a
guaranteed non-spoofed interface to the kernel (see for example "A
Retrospective on the VAX VMM Security Kernel" by Karger et al for more
information on this).  They certainly have the VMS knowhow :-).

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com