Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
On Tue, Feb 12, 2008 at 09:02:38PM +0900, Kuniyasu Suzaki wrote:
>
> >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
> >>
> >>> >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
> >>> >>> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
> >>> >>> >> It includes trusted computing software based on TPM (Trusted Platform
> >>> >>> >> Module). Debian packages on KNOPPIX are validated by Remote Attestation.
> >>> >>> --------------------------------------------------------^^^^^^^^^^^^^^^^^^^
> >>> >>>
> >>> >>> sounds an awful lot like Remote Exploit to me.
> >>> >>
> >>> >>That's indeed remotely similar.
> >>>
> >>> Our remote attestation is a kind of CHECKER of two types of database
> >>> for trustworthiness. The database of DSA (Debian Security Advisory)
> >>> validates the packages of knoppix. The database of platform integrity
> >>> was created by our samples, which is listed at
> >>> http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
> >>> The database validates the boot procedure, which is based on "Trusted
> >>> Computing".
> >>
> >>Sorry, I just don't get it.
> >>
> >>Given that the platform includes gcc, perl and python (and wget), what
> >>practical use is there in the guarantees you can achieve?
>
> The TC-Geeks KNOPPIX is a trial environment. However, the technique,
> which combines remote attestation and trusted boot, prevents insertion
> of root kits and offers a safe environment.
Your disk image is shipped with a kernel image that has a nice root
exploit (vmsplice). Yeah, I know, bad luck. What impact does it have on
your guarantees?
What impact do your guarantees have on exploitations of that hole?
>
> >>What happens if I just install something from source?
>
> The software works well.
> If you REPLACE an application which is registered at the database,
> you cannot connect to remote attestation.
>
> >>Recall that for the Xbox it only took one buggy game to allow installing
> >>an arbitrary software (e.g.: Linux) by the user.
So it cannot prevent me from running arbitrary code. It just gives
someone a guarantee that certain files are valid.
Well, I suspect that if someone is root, the possibilities are basically
endless - there are many places where you can just add some files to
have an impact on the whole system.
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend
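
The distinction argued over in this thread (a replaced registered binary versus software added from source), modelled as an added example that is not part of the original messages and is not OpenPTS or KNOPPIX code. It assumes a TPM 1.2-style SHA-1 extend, a verifier that reports unregistered paths instead of rejecting them, and constructed file contents; checking the TPM's signature over the quoted PCR is left out.

```python
import hashlib

def measure(content: bytes) -> bytes:
    return hashlib.sha1(content).digest()        # SHA-1, as used by TPM 1.2

def extend(pcr: bytes, digest: bytes) -> bytes:
    return hashlib.sha1(pcr + digest).digest()   # PCR_new = SHA1(PCR_old || digest)

def replay(log):
    """Recompute the PCR value implied by a measurement log."""
    pcr = bytes(20)                              # PCRs start at all zeroes
    for _path, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def boot(files):
    """Hypothetical client: measure each file, return (log, resulting PCR)."""
    log = [(path, measure(content)) for path, content in files]
    return log, replay(log)

def verify(log, quoted_pcr, reference_db):
    """Hypothetical verifier: returns (verdict, paths absent from the database)."""
    if replay(log) != quoted_pcr:                # log does not explain the PCR
        return "log-tampered", []
    unknown = []
    for path, digest in log:
        if path not in reference_db:
            unknown.append(path)                 # assumed policy: report, do not reject
        elif digest not in reference_db[path]:
            return "mismatch:" + path, unknown   # registered file was replaced
    return "ok", unknown

# Constructed sample data, not real package contents or digests.
GOOD = [("/bin/ls", b"registered ls build"), ("/usr/bin/wget", b"registered wget build")]
REFERENCE_DB = {path: {measure(content)} for path, content in GOOD}

def scenarios():
    results = {}
    log, pcr = boot(GOOD)
    results["clean"] = verify(log, pcr, REFERENCE_DB)
    log, pcr = boot([("/bin/ls", b"locally modified ls"), GOOD[1]])
    results["replaced"] = verify(log, pcr, REFERENCE_DB)
    # Reporting the known-good log cannot hide the change: the PCR disagrees.
    results["forged_log"] = verify(boot(GOOD)[0], pcr, REFERENCE_DB)
    log, pcr = boot(GOOD + [("/usr/local/bin/tool", b"built from source")])
    results["added"] = verify(log, pcr, REFERENCE_DB)
    return results

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(name, outcome)
```

A verifier that wants the unregistered case to fail has to treat a non-empty list of unknown paths as a rejection, and it still only sees code that was measured before it ran.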