Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

Rick Wash rwash at citi.umich.edu
Tue Oct 22 11:49:19 PDT 2002


On Tue, Oct 22, 2002 at 04:52:16PM +0100, Adam Back wrote:
> So they disclaim in the talk announce that Palladium is not intended
> to be secure against hardware attacks:
> 
> | "Palladium" is not designed to provide defenses against
> | hardware-based attacks that originate from someone in control of the
> | local machine.
> 
> so one can't criticise the implementation of their threat model -- it
> indeed isn't secure against hardware based attacks.
> 
> But I'm questioning the validity of the threat model as a realistic
> and sensible balance of practical security defenses.
> 
> Providing almost no hardware defenses while going to extra-ordinary
> efforts to provide top notch software defenses doesn't make sense if
> the machine owner is a threat.

This depends.  I would say this is an interesting threat model.  It
makes the attacks non-redistributable.

Software-based attacks are redistributable.  Once I write a program
that hacks a computer, I can give that program to anyone to use.  I
can even give it to everyone, and then anyone could use it.  The
expertise necessary can be abstracted away into a program even my
mother could use.

Hardware-based attacks cannot be redistributed.  If I figure out how
to hack my system, I can post instructions on the web but it still
requires technical competence on your end if you want to hack your
system too.

While this doesn't help a whole lot for a DRM goal (once you get the
non-DRM version of the media data, you can redistribute it all you
want), it can be very useful for security.  It can help to eliminate
the 'script kiddie' style of attackers.

  Rick

---------------------------------------------------------------------
The Cryptography Mailing List