
Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)



 >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
 >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
 >>
 >>On Mon, Feb 11, 2008 at 07:31:11AM -0800, Andrew Sackville-West wrote:
 >>> On Mon, Feb 11, 2008 at 11:32:51AM +0000, steef wrote:
 >>> > Kuniyasu Suzaki wrote:
 >>> >> Dear,
 >>> >>
 >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
 >>> >>    http://unit.aist.go.jp/itri/knoppix/index-en.html
 >>> >> It includes trusted computing software based on TPM(Trusted Platform
 >>> >> Module). Debian packages on KNOPPIX are validated by Remote Attestation.
 >>> --------------------------------------------------------^^^^^^^^^^^^^^^^^^^
 >>> 
 >>> sounds an awful lot like Remote Exploit to me.
 >>
 >>That's indeed remotely similar.

Our remote attestation is a kind of CHECKER of two types of database
for trustworthiness. The database of DSA (Debian Security Advisory)
validates the packages of knoppix.  The database of platform integrity
was created from our samples, which are listed at
  http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
The database validates the boot procedure, which is based on "Trusted
Computing".

 >>It means that someone at a different machine on the network can be
 >>guaranteed that this specific software is only running on that system.
 >>Naturally this will not work without BIOS-level support.
 >>
 >>See e.g.: http://lwn.net/Articles/144681/

Thank you. Good reference site.

 >>
 >>That said, I don't fully understand what they attempt to provide.
 >>
 >>From the little I understand, I figure that their system tries to
 >>guarantee that all software is valid Debian debs (plus some bits from
 >>their repositories). I have no idea how they implemented this. I have no
 >>idea what are the actual guarantees of kernel-level "trusted computing" 
 >>to a system as complex as Debian. 

Please refer to the following papers.

 "Design and Implementation of a TCG-based Integrity Measurement
 Architecture", USENIX Security Symposium 2004.
   http://www.usenix.org/events/sec04/tech/sailer.html
 "Trusted Computing and Linux", Ottawa Linux Symposium 2005.
    http://www.linuxsymposium.org/2005/view_abstract.php?content_key=50

--
suzaki

 >>-- 
 >>Tzafrir Cohen         | tzafrir@jabber.org | VIM is
 >>http://tzafrir.org.il |                    | a Mutt's
 >>tzafrir@cohens.org.il |                    |  best
 >>ICQ# 16849754         |                    | friend
 >>
 >>
 >>
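
The two checks described in the reply above (packages against an advisory database, boot measurements against a platform integrity database), shown from the verifier's side as an added example; it is not code from the KNOPPIX or OpenPTS project. The report layout, database contents and all names are constructed for illustration, and TPM 1.2 style SHA-1 PCR extension is assumed, with the TPM's signature over the PCR value taken as already verified.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def replay(event_log):
    """Recompute a PCR from an ordered (component, digest) log.
    TPM 1.2 extend: PCR_new = SHA1(PCR_old || digest), starting from zeros."""
    pcr = bytes(20)
    for _component, digest in event_log:
        pcr = sha1(pcr + digest)
    return pcr

def verify(report, integrity_db, advisory_db):
    """Return a list of findings; an empty list means the report passes."""
    findings = []
    # The log is only trustworthy if it reproduces the reported PCR value.
    if replay(report["event_log"]) != report["pcr"]:
        findings.append("event log does not match reported PCR")
    # Boot procedure: each measurement must be a known-good value.
    for component, digest in report["event_log"]:
        if digest not in integrity_db.get(component, set()):
            findings.append(f"unknown measurement for {component}")
    # Packages: none may be at a version an advisory lists as vulnerable.
    for pkg, version in sorted(report["packages"].items()):
        if version in advisory_db.get(pkg, set()):
            findings.append(f"{pkg} {version} has an open advisory")
    return findings

# Constructed sample data (hypothetical names, not real measurements or DSAs).
GOOD_LOG = [("bootloader", sha1(b"bootloader-image")), ("kernel", sha1(b"kernel-image"))]
BAD_LOG = [GOOD_LOG[0], ("kernel", sha1(b"modified-kernel-image"))]
INTEGRITY_DB = {name: {digest} for name, digest in GOOD_LOG}
ADVISORY_DB = {"examplepkg": {"1.0-1"}}

def make_report(booted, claimed_log, packages):
    """PCR reflects what actually booted; the log is what the platform claims.
    Assumption: the PCR arrived in a TPM quote whose signature was already checked."""
    return {"pcr": replay(booted), "event_log": claimed_log, "packages": packages}

if __name__ == "__main__":
    fixed = {"examplepkg": "1.0-2"}
    print(verify(make_report(GOOD_LOG, GOOD_LOG, fixed), INTEGRITY_DB, ADVISORY_DB))
    print(verify(make_report(BAD_LOG, BAD_LOG, fixed), INTEGRITY_DB, ADVISORY_DB))
    print(verify(make_report(BAD_LOG, GOOD_LOG, fixed), INTEGRITY_DB, ADVISORY_DB))
    print(verify(make_report(GOOD_LOG, GOOD_LOG, {"examplepkg": "1.0-1"}), INTEGRITY_DB, ADVISORY_DB))
```

The third case is the one the PCR replay exists for: a platform that boots a modified kernel but submits a clean-looking log is caught because the log no longer reproduces the reported PCR.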

