Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.
The nfoCentrale Blog Conclave
nfoCentrale Associated Sites
ACM News Service: Does Trusted Computing Remedy Computer Security Problems? The use of trusted computer systems will make it likely that genuine software will be run under the protections of a trusted environment. This blurb reports an analyis that asserts there will still be vulnerabilities in those programs, and a malicious intruder may be able to exploit them.
Although it would seem that computers will be more secure, there are a number of ways that trust can fail, and these will tend to be a result of defects in the trusted program that a malicious entity can still exploit.
The Rolf Oppliger and Ruedi Rytz article in the April 2005 IEEE Security & Privacy issue provides a nice run-down on the trusted computing approach and its limitations. Basically, the trusted computing platform is unable to detect malicious acts that happen at a level where the exploited behavior is indistinguishable from correct behavior based on what the platform observes. Put simply, there can always be vulnerabilities at a higher-level that what the platform protects. The authors question whether this improvement, and it is one, will be acceptable based on the presumed loss of flexibility in being able to install and run software of the user’s choosing. There is no generic answer to this question, it seems to me. Different circumstances will have different trade-off preferences, and we’ll need to understand those better.
A side benefit for me is a definition of technical trustworthiness, based on the Glossary of Internet terms:
“trusted and trustworthy systems are not the same; according to RFC 2828 [big file], a system is trusted if it “operates as expected, according to design and policy. If the trust can also be guaranteed in some convincing way, such as through formal analysis and code review, the system is called trustworthy.”
Hmm, interesting, aye Wingnut?
|You are navigating Orcmid's Lair.|