[Cryptography] Secure erasure

alex at alten.org
Wed Sep 14 02:59:16 EDT 2016


Quoting Henry Baker <hbaker1 at pipeline.com>:

> At 12:47 PM 9/13/2016, alex at alten.org wrote:
>> Quoting Jerry Leichter <leichter at lrw.com>:
>>> So the alternative is to look elsewhere:  Security is a *system*
>>> property, just like reliability; so as we build reliable systems
>>> from unreliable components, we need to build secure systems out of
>>> insecure components.  Though as far as we can tell, there needs to
>>> be more of a secure core to bootstrap with than a reliable core.
>>
>> Now that is a fabulous insight!  It really crystallizes my thought processes
>> over the past few years. I was (too slowly) coming around to the fact that
>> we have to build secure systems with what we have, not what we should have.
>
> A systems property still requires proper components to operate.
>
Yes, things like a reference monitor or a trusted path would be great to have,
but often they are not available.  We still need to build "secure systems
from insecure components", at least in the commercial space.

BTW, speaking of reference monitors, I attended a talk at Black Hat about
Apple's secure enclave processor, introduced with the iPhone S5.  It was
pretty cool, but it was still limited by the lack of higher-level context
for its policy adjudication logic.
