Palladium: technical limits and implications

AARG! Anonymous remailer at aarg.net
Wed Aug 7 12:35:12 PDT 2002


Adam Back writes:
> I have one gap in the picture: 
>
> In a previous message in this Peter Biddle said:
>
> > In Palladium, SW can actually know that it is running on a given
> > platform and not being lied to by software. [...] (Pd can always be
> > lied to by HW - we move the problem to HW, but we can't make it go
> > away completely).

Obviously no application can reliably know anything if the OS is hostile.
Any application can be meddled with arbitrarily by the OS.  In fact
every bit of the app can be changed so that it does something entirely
different.  So in this sense it is meaningless to speak of an app that
can't be lied to by the OS.

What Palladium can do, though, is arrange that the app can't get at
previously sealed data if the OS has meddled with it.  The sealing
is done by hardware based on the app's hash.  So if the OS has changed
the app per the above, it won't be able to get at old sealed data.

And of course remote attestation will not work either, if the app has
been meddled with.

This means that an app can start running, attest to its "clean" status
to a remote server, download some data from that server, and seal it.
Then at a later time, IF the app is able to unseal that data, then it
is true that the app has not been meddled with and is not running
on virtualized hardware.

That is how I understand these sorts of claims.
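The seal/unseal-keyed-to-the-app-hash behaviour and the attestation step described above, modelled as an added Python example (not code from the post or from Palladium itself). It assumes a constructed hardware root secret, a constructed application image, and a stand-in cipher built from HMAC-SHA256 in counter mode; real hardware would use a per-chip asymmetric key and a proper authenticated cipher. The point it shows is the one in the post: once the OS alters the app, its measurement changes, the sealing key changes with it, and both unseal and attestation fail.

```python
"""Toy model of hash-bound sealing and attestation (illustration only)."""
import hashlib
import hmac
import os

# Constructed placeholder for the per-platform secret that only the hardware holds.
HW_ROOT_KEY = bytes.fromhex("11" * 32)


def measure(app_code: bytes) -> bytes:
    """Measurement of the application as loaded: the identity the hardware seals to."""
    return hashlib.sha256(app_code).digest()


def _sealing_key(app_hash: bytes) -> bytes:
    # Sealing key is derived from the hardware secret AND the app hash,
    # so a different app image yields a different key.
    return hmac.new(HW_ROOT_KEY, b"seal|" + app_hash, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (not for production use).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(app_hash: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate data under a key bound to app_hash."""
    key = _sealing_key(app_hash)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(app_hash: bytes, blob: bytes):
    """Return the plaintext only if the current app_hash matches the sealing hash."""
    key = _sealing_key(app_hash)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong measurement (or tampered blob): data stays locked
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def attest(app_hash: bytes, nonce: bytes) -> bytes:
    """Hardware-signed statement 'this app hash is running', bound to the server's nonce."""
    return hmac.new(HW_ROOT_KEY, b"attest|" + nonce + app_hash, hashlib.sha256).digest()


def verify_attestation(expected_app_hash: bytes, nonce: bytes, quote: bytes) -> bool:
    # Simplification: the verifier shares the root secret; a real design verifies a signature
    # with the platform's public key instead.
    expected = hmac.new(HW_ROOT_KEY, b"attest|" + nonce + expected_app_hash, hashlib.sha256).digest()
    return hmac.compare_digest(quote, expected)


def demo() -> dict:
    """Walk the scenario from the post: attest, download, seal, then try to unseal later."""
    clean_app = b"clean application code"                        # constructed image
    tampered_app = b"clean application code; patched by the OS"  # constructed image
    secret_from_server = b"license blob downloaded after attestation"  # constructed

    nonce = os.urandom(16)
    clean_hash, tampered_hash = measure(clean_app), measure(tampered_app)

    # 1. Clean app attests; server checks against the hash it expects.
    clean_attests_ok = verify_attestation(clean_hash, nonce, attest(clean_hash, nonce))
    # 2. Server releases data; clean app seals it to its own measurement.
    blob = seal(clean_hash, secret_from_server)
    # 3. Later: same app unseals fine; an OS-modified app cannot.
    clean_unseal = unseal(clean_hash, blob)
    tampered_unseal = unseal(tampered_hash, blob)
    # 4. The modified app also cannot produce a quote the server will accept.
    tampered_attests_ok = verify_attestation(clean_hash, nonce, attest(tampered_hash, nonce))

    return {
        "clean_attests_ok": clean_attests_ok,
        "clean_unseal": clean_unseal,
        "tampered_unseal": tampered_unseal,
        "tampered_attests_ok": tampered_attests_ok,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Run it and the clean image both attests and unseals, while the patched image does neither; nothing in the model stops a hostile OS from changing the app, it only ensures the changed app ends up without the data, which is exactly the limit the post draws.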

More information about the cypherpunks-legacy mailing list