RE: [Muscle] Smartk, a smart card framework for the Linux Kernel
From: Scott Guthery (sgutherymobile-mind.com)
Date: Fri Jan 09 2004 - 15:44:44 CST
P.S. Who do you think controls the software in your mobile phone?
Or your iPod? Or your car? Or your cable modem? Or your set top
box? Or your software defined radio? Or your Blackberry? Or
your printer? Or your router?
You lost this war before you realized there was one.
From: Jesse I Pollard [mailto:pollardcmf.nrl.navy.mil]
Sent: Friday, January 09, 2004 2:10 PM
Subject: Re: [Muscle] Smartk, a smart card framework for the Linux
On Fri, 9 Jan 2004, Bettina Martelli wrote:
> Hello, Roberto, Ludovic, and Jesse,
> hello list,
> Jesse I Pollard wrote:
> > On Thu, 8 Jan 2004, Ludovic Rousseau wrote:
> >>On Thursday, 08 January 2004 at 16:57:33, Roberto Gassira' wrote:
> >>>On Thu, 8 Jan 2004, Jesse I Pollard wrote:
> >>>3) The integration of a kernel-level architecture and a user-level
> >>> smart card interface is unsafe and unpractical.
> >>That's still to be demonstrated.
> >>I don't know how you can use a Unix system if you don't trust at
> >>least some processes/programs in user space.
> > Problem has been worked on in much detail... Common Criteria, the US
> > Orange Book...
> > The easiest is to use compartments and assigned roles with each
> > controlled executable with a label that determines access rights (both
> > execute, read OR write). Or the older access matrix using
> > multi-level security (compartments, and levels; augmented with
> may I also add ... TCPA? ;-)
> It looks to me like an attempt to build a trusted linux with a smart
> card based TCM.
> Maybe a good idea, as an alternative to a fixed TPM.
> It's not a coincidence that Roberto cited Arbaugh, the one critic of
> TCPA who proposed a modification instead of the complete rejection of
:-) ... Personally, I think TCPA is a MS get-out-of-jail due to their
inability to write a secure OS.
All the TCPA really does is implement a trusted kernel to run a
non-trusted OS (anybody recognize "microkernel" in this?). And prevent
ANY access to the system other than theirs.
And except for the boot procedure, I don't see any significant
<paranoid mode on>MS wants to own the entire computer industry and
outlaw any programmers other than their own...</paranoid mode> :-)
The real vulnerability in TCPA is MS's own -- the first of these systems
that gets hacked will open ALL the other systems using it (when MS
driven, that is).
My major objection is that it requires handing over control of your
system to MS.
> on 08.01.04 16:57 Roberto Gassira' wrote:
> > William Arbaugh et al. proposed an architecture that features a
> > chain of verification of the integrity of the several levels of a
> > system starting from the BIOS (including the system kernel).
> > They also improved this architecture allowing the usage of a smart
> > card as key storage.
> > W. Arbaugh, D. Farber, J. Smith (1997) "A Secure and
> > Reliable Bootstrap Architecture", Proceedings of 1997 IEEE
> > Symposium on Security and Privacy, pp. 65--71
(I left this on for future reference :-)
Jesse I Pollard, II
Any opinions expressed are solely my own.
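
The chain of verification quoted above (BIOS, then boot loader, then kernel, with the key held on a smart card) can be sketched as follows. This is an added example, not code from the thread, from Smartk, or from the Arbaugh et al. paper; the stage names, the HMAC-based check and the CardKeyStore class standing in for the card are assumptions made for illustration.

```python
import hashlib
import hmac

class CardKeyStore:
    """Hypothetical stand-in for the smart card: the key never leaves this object."""
    def __init__(self, key: bytes):
        self._key = key

    def mac(self, data: bytes) -> bytes:
        # The "card" authenticates a digest; callers never see the key itself.
        return hmac.new(self._key, data, hashlib.sha256).digest()

def seal_chain(stages, card):
    """Provisioning step: record a card-authenticated digest for every stage."""
    return {name: card.mac(hashlib.sha256(image).digest()) for name, image in stages}

def verified_boot(stages, manifest, card):
    """Check each stage before control would pass to it.

    Returns (names of stages that passed, first failing stage or None).
    The walk stops at the first failure, so later stages never run.
    """
    booted = []
    for name, image in stages:
        expected = manifest.get(name)
        actual = card.mac(hashlib.sha256(image).digest())
        if expected is None or not hmac.compare_digest(expected, actual):
            return booted, name
        booted.append(name)
    return booted, None

# Constructed sample images and key (illustrative values only).
CARD = CardKeyStore(b"constructed-demo-key")
GOOD = [("bios", b"BIOS v1"), ("bootloader", b"LOADER v1"), ("kernel", b"KERNEL v1")]
MANIFEST = seal_chain(GOOD, CARD)
TAMPERED = [GOOD[0], GOOD[1], ("kernel", b"KERNEL v1 modified")]

if __name__ == "__main__":
    print(verified_boot(GOOD, MANIFEST, CARD))
    print(verified_boot(TAMPERED, MANIFEST, CARD))
```

Because the manifest entries are keyed by the card, rewriting a manifest entry without the card does not help a modified kernel pass, and a different card rejects the chain at its first stage.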
Muscle mailing list