Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>From: Andrew Sackville-West <andrew@farwestbilliards.com>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>
>>On Tue, Feb 19, 2008 at 11:37:17AM +0900, Kuniyasu Suzaki wrote:
>>>
>>> >>From: Andrew Sackville-West <andrew@farwestbilliards.com>
>>>
>>> >>How does the system behave when the authentication server is down? How do you deal
>>> >>with a compromised authentication server?
>>>
>>> Client takes vulnerability check only. There is no action on the client.
>>
>>I presume that the client exchanges some information with the
>>server. What happens when that server is compromised and sends
>>compromised information?
The server checks the Platform Manifest and the RunTime Manifest.
The Platform Manifest includes the boot record, and the RunTime Manifest
includes the log of executed applications on Linux-IMA.
If the manifests don't match, the server returns an error.
http://sourceforge.jp/projects/openpts/wiki/FrontPage/attach/20080129-KNOPPIX511TCG-OPTS-UsersGuide-v1_0-E.pdf
The database on the server is updated by DSA (Debian Security Advisory).
http://www.debian.org/security/
--
suzaki
>>A
>>
>>ps. thanks for continuing to answer these questions.
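
An added example, not part of the original message and not OpenPTS code: a minimal sketch of the RunTime Manifest check described above, where a verifier replays a Linux-IMA measurement log and compares each file hash with a reference database. It assumes the classic "ima" template, SHA-1, PCR 10, and a quoted PCR value whose TPM signature has already been verified; all function names and sample data are hypothetical.

```python
import hashlib

ZERO = bytes(20)

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def template_hash(file_hash: str, path: str) -> bytes:
    # Classic "ima" template: 20-byte file digest + file name NUL-padded to 256 bytes.
    return sha1(bytes.fromhex(file_hash) + path.encode().ljust(256, b"\0"))

def verify_runtime_manifest(log_text, quoted_pcr10, known_good):
    """Replay the log into PCR 10 and check every file against the reference DB."""
    pcr, problems = ZERO, []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        pcr_idx, t_hash, template, file_hash, path = line.split(None, 4)
        digest = bytes.fromhex(t_hash)
        if pcr_idx != "10" or template != "ima":
            problems.append(f"line {n}: unsupported entry")
            continue
        # A measurement violation is logged as zeros but extended as 0xff bytes.
        pcr = sha1(pcr + (b"\xff" * 20 if digest == ZERO else digest))
        if digest != template_hash(file_hash, path):
            problems.append(f"line {n}: template hash does not cover {path}")
        elif known_good.get(path) != file_hash:
            problems.append(f"line {n}: {path} not in reference database")
    if pcr.hex() != quoted_pcr10:
        problems.append("log does not replay to the quoted PCR 10 value")
    return (not problems, problems)

def build_log(entries):
    """Constructed sample: returns (log text, PCR 10 value a TPM would hold)."""
    pcr, lines = ZERO, []
    for path, file_hash in entries:
        t = template_hash(file_hash, path)
        pcr = sha1(pcr + t)
        lines.append(f"10 {t.hex()} ima {file_hash} {path}")
    return "\n".join(lines), pcr.hex()

# Constructed data: hashes of made-up contents, not real Debian packages.
GOOD = {p: hashlib.sha1(p.encode()).hexdigest() for p in ("/bin/bash", "/usr/bin/ssh")}
LOG, PCR10 = build_log(GOOD.items())
BAD_LOG, BAD_PCR10 = build_log([("/bin/bash", GOOD["/bin/bash"]),
                                ("/usr/bin/ssh", "aa" * 20)])

if __name__ == "__main__":
    print(verify_runtime_manifest(LOG, PCR10, GOOD))          # clean client
    print(verify_runtime_manifest(BAD_LOG, BAD_PCR10, GOOD))  # modified binary
    print(verify_runtime_manifest(BAD_LOG, PCR10, GOOD))      # log and PCR disagree
```

The replay step is what ties the log to the TPM: a client cannot drop or rewrite an entry without the recomputed value diverging from the quoted PCR.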