Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>From: Tzafrir Cohen <tzafrir@cohens.org.il>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>
>>On Tue, Feb 12, 2008 at 09:02:38PM +0900, Kuniyasu Suzaki wrote:
>>>
>>> >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
>>> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>> >>
>>> >>> >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
>>> >>> >>> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
>>> >>> >>> >> It includes trusted computing software based on TPM(Trusted Platform
>>> >>> >>> >> Module). Debian packages on KNOPPIX are validated by Remote Attestation.
>>> >>> >>> --------------------------------------------------------^^^^^^^^^^^^^^^^^^^
>>> >>> >>>
>>> >>> >>> sounds an awful lot like Remote Exploit to me.
>>> >>> >>
>>> >>> >>That's indeed remotely similar.
>>> >>>
>>> >>> Our remote attestation is a kind of CHECKER of two types of database
>>> >>> for trustworthiness. The database of DSA (Debian Security Advisory)
>>> >>> validates the packages of knoppix. The database of platform integrity
>>> >>> was created by our samples, which is listed at
>>> >>> http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
>>> >>> The database validates the boot procedure, which is based on "Trusted
>>> >>> Computing".
>>> >>
>>> >>Sorry, I just don't get it.
>>> >>
>>> >>Given that the platform includes gcc, perl and python (and wget), what
>>> >>practical use is there in the guarantees you can achieve?
>>>
>>> The TC-Geeks KNOPPIX is a trial environment. However, the technique,
>>> which combines remote attestation and trusted boot, prevents insertion
>>> of rootkits and offers a safe environment.
>>
>>Your disk image is shipped with a kernel image that has a nice root
>>exploit (vmsplice). Yeah, I know, bad luck. What impact does it have on
>>your guarantees?
>>What impact do your guarantees have on exploitations of that hole?
Yes, TC-Geeks KNOPPIX cannot update, but it is a good example that we
need remote attestation to check vulnerability. :-)
We need to check the kernel at the bootloader stage and keep the chain
of trust.
--
suzaki
>>> >>What happens if I just install something from source?
>>>
>>> The software works well.
>>> If you REPLACE an application which is registered in the database,
>>> you cannot connect to remote attestation.
>>>
>>> >>Recall that for the Xbox it only took one buggy game to allow installing
>>> >>an arbitrary software (e.g.: Linux) by the user.
>>
>>So it cannot prevent me from running arbitrary code. It just gives
>>someone a guarantee that certain files are valid.
>>
>>Well, I suspect that if someone is root, the possibilities are basically
>>endless - there are many places where you can just add some files to
>>have an impact on the whole system.
>>
>>--
>>Tzafrir Cohen | tzafrir@jabber.org | VIM is
>>http://tzafrir.org.il | | a Mutt's
>>tzafrir@cohens.org.il | | best
>>ICQ# 16849754 | | friend
>>
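
The two database checks and the "replaced application" behaviour discussed in this thread, as an added example (not code from the thread, OpenPTS or KNOPPIX): a simplified verifier that replays a TPM 1.2 style SHA-1 measurement log, then compares it against an integrity database and an advisory database. The database layouts, component names, digests and the `ADVISORY-PLACEHOLDER` label are constructed assumptions; verification of the signed TPM quote is omitted.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def replay(log):
    """Recompute the PCR from the event log: PCR = SHA1(PCR || digest), from 20 zero bytes."""
    pcr = bytes(20)
    for _name, digest in log:
        pcr = sha1(pcr + digest)
    return pcr

def attest(log, reported_pcr, integrity_db, advisory_db):
    """Verifier side. Returns (verdict, findings).

    integrity_db: component name -> set of accepted digests (hypothetical layout)
    advisory_db:  digest -> advisory label for builds with a known hole
    """
    if replay(log) != reported_pcr:
        return "REJECT", ["event log does not reproduce the reported PCR"]
    verdict, findings = "OK", []
    for name, digest in log:
        if name not in integrity_db:
            # Not registered: measured, but there is nothing to compare against.
            findings.append(f"{name}: unregistered, not validated")
        elif digest not in integrity_db[name]:
            verdict = "REJECT"
            findings.append(f"{name}: registered component was replaced")
        elif digest in advisory_db:
            if verdict == "OK":
                verdict = "VULNERABLE"
            findings.append(f"{name}: intact but listed in {advisory_db[digest]}")
    return verdict, findings

# Constructed sample data; the digests stand in for real file measurements.
KERNEL = sha1(b"constructed kernel image")
PERL = sha1(b"constructed /usr/bin/perl")
INTEGRITY_DB = {"kernel": {KERNEL}, "/usr/bin/perl": {PERL}}
ADVISORY_DB = {KERNEL: "ADVISORY-PLACEHOLDER"}

def run(log, advisory_db=ADVISORY_DB):
    """Client reports an honest PCR for its log; the verifier then checks it."""
    return attest(log, replay(log), INTEGRITY_DB, advisory_db)

if __name__ == "__main__":
    boot = [("kernel", KERNEL), ("/usr/bin/perl", PERL)]
    print(run(boot, {}))                                          # intact, no advisory
    print(run(boot))                                              # intact but vulnerable kernel
    print(run(boot[:1] + [("/usr/bin/perl", sha1(b"other"))]))    # registered file replaced
    print(run(boot + [("/usr/local/bin/tool", sha1(b"src"))], {}))  # extra unregistered file
```

The last case returns `OK` with only an informational finding, which is the limitation raised in the thread: files outside the integrity database are not validated.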