
Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)



 >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
 >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
 >>
 >>On Tue, Feb 12, 2008 at 09:02:38PM +0900, Kuniyasu Suzaki wrote:
 >>> 
 >>>  >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
 >>>  >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
 >>>  >>
 >>>  >>>  >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
 >>>  >>>  >>> >>    http://unit.aist.go.jp/itri/knoppix/index-en.html
 >>>  >>>  >>> >> It includes trusted computing software based on TPM(Trusted Platform
 >>>  >>>  >>> >> Module). Debian packages on KNOPPIX are validated by Remote Attestation.
 >>>  >>>  >>> --------------------------------------------------------^^^^^^^^^^^^^^^^^^^
 >>>  >>>  >>> 
 >>>  >>>  >>> sounds an awful lot like Remote Exploit to me.
 >>>  >>>  >>
 >>>  >>>  >>That's indeed remotely similar.
 >>>  >>> 
 >>>  >>> Our remote attestation is a kind of CHECKER of two types of database
 >>>  >>> for trustworthiness. The database of DSA (Debian Security Advisory)
 >>>  >>> validates the packages of knoppix.  The database of platform integrity
 >>>  >>> was created by our samples, which is listed at
 >>>  >>>   http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
 >>>  >>> The database validates the boot procedure, which is based on "Trusted
 >>>  >>> Computing".
 >>>  >>
 >>>  >>Sorry, I just don't get it.
 >>>  >>
 >>>  >>Given that the platform includes gcc, perl and python (and wget), what
 >>>  >>practical use is there in the guarantees you can achieve?
 >>> 
 >>> The TC-Geeks KNOPPIX is a trial environment. However, the technique,
 >>> which combines remote attestation and trusted boot, prevents insertion
 >>> of root kits and offers a safe environment.
 >>
 >>Your disk image is shipped with a kernel image that has a nice root
 >>exploit (vmsplice). Yeah, I know, bad luck. What impact does it have on
 >>your guarantees?
 >>What impact do your guarantees have on exploitations of that hole?

Yes, TC-Geeks KNOPPIX cannot update, but it is a good example that we
need a remote attestation to check vulnerability. :-)

We need to check the kernel at the bootloader stage and keep the chain
of trust. 

--
suzaki

 >>>  >>What happens if I just install something from source?
 >>> 
 >>> The software works well.
 >>> If you REPLACE the applications which are registered at the database,
 >>> you cannot connect to remote attestation.
 >>> 
 >>>  >>Recall that for the Xbox it only took one buggy game to allow installing
 >>>  >>an arbitrary software (e.g.: Linux) by the user.
 >>
 >>So it cannot prevent me from running arbitrary code. It just gives
 >>someone a guarantee that certain files are valid.
 >>
 >>Well, I suspect that if someone is root, the possibilities are basically
 >>endless - there are many places where you can just add some files to
 >>have an impact on the whole system.
 >>
 >>-- 
 >>Tzafrir Cohen         | tzafrir@jabber.org | VIM is
 >>http://tzafrir.org.il |                    | a Mutt's
 >>tzafrir@cohens.org.il |                    |  best
 >>ICQ# 16849754         |                    | friend
 >>
 >>
 >>
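
Added example, not part of the original thread or of the OpenPTS code: a sketch of the verifier described in the messages above, replaying a measured-boot event log with the TPM 1.2 extend rule and checking each digest against a platform-integrity database and an advisory database. All names and sample bytes are constructed, and the TPM quote signature over the reported PCR is assumed to be verified already.

```python
import hashlib

PCR_INIT = b"\x00" * 20  # a TPM 1.2 PCR starts as 20 zero bytes


def measure(blob):
    """SHA-1 digest of a boot component, taken before it is executed."""
    return hashlib.sha1(blob).digest()


def extend(pcr, digest):
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay(event_log):
    """Recompute the PCR value implied by an ordered event log."""
    pcr = PCR_INIT
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify(event_log, quoted_pcr, integrity_db, advisory_db):
    """Verifier side (assumption: quote signature already checked).
    Returns (verdict, component_name)."""
    if replay(event_log) != quoted_pcr:
        return ("log-mismatch", None)  # the log does not explain the PCR
    for name, digest in event_log:
        if digest in advisory_db:
            return ("known-vulnerable", name)  # intact, but has an advisory
        if integrity_db.get(name) != digest:
            return ("unknown", name)  # not a registered component
    return ("trusted", None)


# Constructed sample components (placeholder bytes, not real binaries).
LOADER = measure(b"constructed bootloader")
KERNEL_SHIPPED = measure(b"constructed kernel, shipped build")
KERNEL_FIXED = measure(b"constructed kernel, patched build")
KERNEL_MODIFIED = measure(b"constructed kernel, modified")

INTEGRITY_DB = {"bootloader": LOADER, "kernel": KERNEL_FIXED}
ADVISORY_DB = {KERNEL_SHIPPED}  # digests of builds with a known advisory


def boot(kernel_digest):
    """Simulate a measured boot; returns (event_log, final PCR)."""
    log = [("bootloader", LOADER), ("kernel", kernel_digest)]
    return log, replay(log)
```

The verdict only covers what was measured at boot; it says nothing about code that runs afterwards, which is the limit raised in the thread.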

