AARG!Anonymous wrote:
Adam Back writes:
I have one gap in the picture:
In a previous message in this Peter Biddle said:
In Palladium, SW can actually know that it is running on a given platform and not being lied to by software. [...] (Pd can always be lied to by HW - we move the problem to HW, but we can't make it go away completely).
Obviously no application can reliably know anything if the OS is hostile. Any application can be meddled with arbitrarily by the OS. In fact every bit of the app can be changed so that it does something entirely different. So in this sense it is meaningless to speak of an app that can't be lied to by the OS.
What Palladium can do, though, is arrange that the app can't get at previously sealed data if the OS has meddled with it. The sealing is done by hardware based on the app's hash. So if the OS has changed the app per the above, it won't be able to get at old sealed data.
I don't buy this: how does Palladium know what an app is without the OS' help? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ Available for contract work. "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff