On Thu, Dec 11, 2003 at 07:07:01PM -0800, Karsten M. Self wrote:

on Thu, Dec 11, 2003 at 04:49:11PM -0800, Jason Spence (jspence@lightconsulting.com) wrote:

...

On Thu, Dec 11, 2003 at 01:23:33PM -0600, D. Joe Anderson wrote:

...

w00t! Here's a good start to the the back-up plan if TCPA/Longhorn/Palladium/"Fritz-chips"* get out of hand.

You know, the black hat community is drooling over the possibility of a secure execution environment that would allow applications to run in a secure area which cannot be attached to via debuggers and such.

Any more background on that? Excellent sig material, BTW ;-)

TCPA and friends have a few core objectives driven by different parties in the standards bodies: - Provide secure audio playback with license management, self-destructing licenses, etc - Uniquely identify hardware instances for software license management and software activation type schemes - Provide a trusted "hypervisor" or "ring -1" environment from which authorized code can spy on the operating system and make sure it's not running any reverse engineering tools or known cracks before the authorized code can install itself or download privileged data like strictly licensed content or restricted documents, etc - Really fast PKI crypto on a dedicated processor for ipsec type stuff - Protected cert store in hardware that is somehow immune or resistent to tampering (I don't completely understand how this can't be attacked by patching the nexus on the hard disk; I'm learning more about it) <scenario class="evil"> I write a worm. It's a nasty little bugger. It pokes around your machine and your network for anything that looks like a credit card number. It's allowed to install itself in the protected memory area because it's ostensibly a popup blocker or spam blocker or something and I got it certified by NGSCB or whoever'll be in charge of handing out signatures. It joins a p2p network of other worms which can't be spied upon because the crypto keys are located in curtained memory and since your debugger doesn't have access to curtained memory, you can't get a copy of them. You can't get a copy of the destination addresses that your credit card numbers are being sent to either, because those are also located in curtained memory. Oh yeah, and it'll fire up your modem and wardial for fax machines and randomly fax the credit card numbers around too, just because I like to be a pain in the ass. So one of these nodes is not like the others, and I'm sitting on it collecting credit card numbers all day long. Anyone who tries to break my scheme is going to get their ass thrown in jail by everyone with an interest in keeping the scheme secure, like software vendors who want to lock you in to their file formats, governments out to censor you, the media industries, etc. So I scam a million dollars through credit card fraud and fencing stolen goods and retire in Cabo. </scenario> But those are just the black hats. What if the governments didn't like you saying naughty things about them? Or generic megacorp wants to take your little business out just because? Or what if the megacorps start fighting over file formats and interoperability using this stuff? Here's a bunch of even more fun scenarios: http://www.againsttcpa.com/tcpa-faq-en.html And here's the MS document outlining their strategy: http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.doc Locke, the Vikings, and a bunch of others throughout history have had a lot to say about individual responsibility and assigning rights to the state, because they were worried about tyrants doing Bad Things to them. So Jefferson and those other guys wrote things like freedom of speech and certain other rights right into the constitution and bill of rights. So we trust the federal government to enforce those rights because otherwise we'll yank the officials which make it up right out of office during the next election. Or at least that's the way it's supposed to be... but the people are becoming increasingly apathetic about it. Voter turnout continues to decline, and so that last ditch safety mechanism won't be very effective if someone decides to take control of the trusted component we know as the federal government and use things like TCPA and friends to literally take over the world. I understand the vendors' point of view that sometimes you just can't trust the users, but this is the wrong way to implement protection against them. The people who implement this stuff should be unbiased towards either the software vendors or the people, and that's just not the case here. The people who are implementing these ideas are the software vendors and the media companies, and they're pretty upset about pirates and music thieves. If I were them, I'd exact some kind of retribution or competitive advantage out of this thing I'm designing to make up for all the pirated software and stolen music and annoying competitors I've had to put up with in the past. -- - Jason Last known location: 2.5 miles northwest of MOUNTAIN VIEW, CA Take everything in stride. Trample anyone who gets in your way. _______________________________________________ linux-elitists http://zgp.org/mailman/listinfo/linux-elitists ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 0.97c removed an attachment of type application/pgp-signature]