An attack on paypal --> secure UI for browsers

Adam Lydick adam.lydick at verizon.net
Fri Jun 13 09:50:13 PDT 2003


The faq (see attached) claims that "anyone can write a nexus" and that
"users control which nexus(s) run".

I certainly didn't see anything that suggests that anyone can force you
to run arbitrary code, regardless of who has signed it. I also find it
absurd to worry about what code Microsoft is running on your system. If
you are running their operating system, you are already running
arbitrary code from them. If you install a security or functional patch,
you are running arbitrary code from them. How would this be different?

My only real concern is that once this becomes widespread, having the
correct "nexus" + DRM software installed will be the only way to get
play digital media. I have a feeling I won't be playing any of that
content from the MythTv box in my living room...

AdamL

--

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp

Q: What is the "nexus" component of NGSCB?

A:  The nexus is a new Windows OS component that will be introduced as
part of NGSCB. The nexus, what we used to refer to as a "nub" or
"trusted operating root," is essentially the kernel of an isolated
software stack that runs alongside the existing software stack. The
nexus provides a limited set of APIs and services for applications,
including sealed storage and attestation functions. Think of nexus-aware
applications as residing in the user mode space of the parallel
execution environment and the nexus as residing in the kernel mode
space.

Anyone can write a nexus for use with nexus-aware systems. The user
always has the ultimate authority over what nexuses are allowed to run.
Only one nexus at a time will be able to run on a machine.

Q: What is the privacy model associated with NGSCB?

A: The user is always in control of whether or not nexus-aware
technology is enabled on his or her PC and what nexuses have access to
specific functions. The technology being developed as part of NGSCB
provides a fine-grained access control model that allows users to
specify (by hash) whether an individual nexus has the right to invoke a
specific security operation. In addition, SSC functions that reveal
potentially machine-identifying information, such as the RSA public key,
can only be performed once per SSC reset (and the SSC cannot be reset
from software; you have to power-cycle the PC). 

-- 
Adam Lydick <adam.lydick at verizon.net>
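The privacy model in the quoted FAQ (per-operation authorization keyed by the nexus hash, sealed storage bound to that same hash, and machine-identifying SSC functions limited to once per reset, with no software reset path) as a toy Python model. This is an added illustration, not code from the original post or from Microsoft: the class and method names, the SHA-256 measurement, the HMAC-based seal format, the toy keystream and the demo nexus images are all assumptions made for the example.

```python
"""Toy model of the NGSCB policy described in the quoted FAQ.

Added illustration only; not Microsoft's design or code. The SSC here
(1) authorizes each operation by the measured hash of the nexus image,
(2) seals data so only the same nexus can unseal it, and
(3) allows identity-revealing calls once per reset, where a reset needs a
power-cycle rather than a software call. Names and formats are assumptions.
"""
import hashlib
import hmac
import os
import secrets


def measure(nexus_image: bytes) -> str:
    # The platform computes the identity hash; the nexus never self-reports it.
    return hashlib.sha256(nexus_image).hexdigest()


class PolicyDenied(PermissionError):
    pass


class ResetRequired(RuntimeError):
    pass


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy CTR-style keystream built from SHA-256; illustration, not a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class SSC:
    def __init__(self, policy: dict):
        # policy: operation name -> set of nexus hashes the user has permitted
        self.policy = {op: set(hs) for op, hs in policy.items()}
        self._root = secrets.token_bytes(32)  # per-chip secret, never exported
        self._identity_uses = 0
        # stand-in for the SSC's machine-identifying RSA public key
        self.public_key_id = hashlib.sha256(b"pub:" + self._root).hexdigest()[:16]

    def _authorize(self, nexus_hash: str, op: str) -> None:
        if nexus_hash not in self.policy.get(op, ()):
            raise PolicyDenied(f"nexus {nexus_hash[:12]} may not invoke {op}")

    def _seal_key(self, nexus_hash: str) -> bytes:
        # Key depends on the chip secret AND the nexus identity.
        return hmac.new(self._root, b"seal:" + nexus_hash.encode(), hashlib.sha256).digest()

    def seal(self, nexus_image: bytes, data: bytes) -> bytes:
        h = measure(nexus_image)
        self._authorize(h, "seal")
        key = self._seal_key(h)
        nonce = os.urandom(16)
        ct = _keystream_xor(key, nonce, data)
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, nexus_image: bytes, blob: bytes) -> bytes:
        h = measure(nexus_image)
        self._authorize(h, "unseal")
        key = self._seal_key(h)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # A different nexus derives a different key, so the tag fails.
            raise PolicyDenied("sealed blob was not sealed under this nexus")
        return _keystream_xor(key, nonce, ct)

    def reveal_public_key(self, nexus_image: bytes) -> str:
        h = measure(nexus_image)
        self._authorize(h, "reveal_public_key")
        if self._identity_uses >= 1:
            raise ResetRequired("identity already revealed since last power-cycle")
        self._identity_uses += 1
        return self.public_key_id

    def software_reset(self) -> None:
        # The FAQ states the SSC cannot be reset from software.
        raise ResetRequired("SSC reset requires a power-cycle")

    def power_cycle(self) -> None:
        self._identity_uses = 0


# Constructed demo images standing in for two different nexus binaries.
NEXUS_A = b"nexus-A-image"
NEXUS_B = b"nexus-B-image"


def demo() -> dict:
    ssc = SSC({
        "seal": {measure(NEXUS_A), measure(NEXUS_B)},
        "unseal": {measure(NEXUS_A), measure(NEXUS_B)},
        "reveal_public_key": {measure(NEXUS_A)},
    })
    blob = ssc.seal(NEXUS_A, b"user secret")
    result = {"roundtrip": ssc.unseal(NEXUS_A, blob) == b"user secret"}
    try:
        ssc.unseal(NEXUS_B, blob)
        result["cross_nexus_unseal"] = "allowed"
    except PolicyDenied:
        result["cross_nexus_unseal"] = "denied"
    result["first_reveal"] = ssc.reveal_public_key(NEXUS_A) == ssc.public_key_id
    try:
        ssc.reveal_public_key(NEXUS_A)
        result["second_reveal"] = "allowed"
    except ResetRequired:
        result["second_reveal"] = "blocked"
    ssc.power_cycle()
    result["after_power_cycle"] = ssc.reveal_public_key(NEXUS_A) == ssc.public_key_id
    return result


if __name__ == "__main__":
    print(demo())
```

The design point is that every decision keys on the measured hash of the running nexus rather than on who signed it, which is also why the body of the post argues that "anyone can write a nexus" does not mean anyone can force one onto you: the user's policy table, not a signature, decides which hashes may invoke which SSC operation.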
