Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Identical computer systems are doomed - code red!

  • Subject: Re: [News] Identical computer systems are doomed - code red!
  • From: "Oliver Wong" <owong@xxxxxxxxxxxxxx>
  • Date: Mon, 24 Jul 2006 17:51:01 GMT
  • Newsgroups: comp.os.linux.advocacy
  • Organization: GlobeTrotter
  • References: <7qeep3-h9o.ln1@ellandroad.demon.co.uk> <GV6xg.149767$S61.122217@edtnps90> <1475230.NGcxXIZqyJ@schestowitz.com>
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1132052

"Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in message news:1475230.NGcxXIZqyJ@xxxxxxxxxxxxxxxxxx
__/ [ Oliver Wong ] on Monday 24 July 2006 17:52 \__

"Mark Kent" <mark.kent@xxxxxxxxxxx> wrote in message
news:7qeep3-h9o.ln1@xxxxxxxxxxxxxxxxxxxxxxxxx

It goes on to describe [...] superior methods for taking linux forward to make it much more immune to such difficulties. Techniques which have been successfully used are described, including encrypting the running code in memory to make it much more difficult to exploit a buffer overflow (the virus wouldn't be able to encrypt itself the right way).

Interestingly enough, this sounds a lot like a "whitehat" application of DRM and/or Trusted Computing.


I'm aware that you are on the verge of sarcasm there, but FWIW encryption is used very widely in computing, especially for inter-host/client/peer communication. Think, for example, about Internet banking (HTTS, SSL) or PGP/GPG. The computer also needs to be secure therein if multiple users are involved and each possesses different privileges and must prevent intrusion (shared memory, disks, maybe even physical access which requires filespace encryption). There were serious incidents of user role escalation within the Debian servers recently. This has been resolved. Piracy and privacy may sound similar, but there are separate altogether. DRM/encryption has no place in combatting piracy because it entails a high cost and it offers merely nothing.

Actually, I was serious. Trusted Computing is basically encryption, so why did we even come up with a new name for it? Because the new twist that TC brings is that it encrypts executable programs, rather than data. In the old way of thinking, a user is always implicitly trusting the programs that (s)he runs. That is, the programs will usually inherit the same permissions that the user has. If the user is root, then the program is said to have root access.


With TC, you no longer nescessarily trust the programs you're running. The programs are run in a sandbox environment, and what permissions are given to the program is configurable at a fine-grain level. In the "bad, corporate dictatorship" version of TC, Microsoft/Intel/RIAA/MPAA are the ones who are assigning the permissions for each program. In the "good, empowered user" version of TC, it would be the end user assigning the permissions -- or more accurately, the OS (operating system) would be assigning the permissions in proxy of the user. This works best if the OS is an open source one, so that you can be sure that its is faithfully and accurately giving and denying the permissions that you, the user, want.

There's some progress made in this direction already. For example, in Windows XP SP2, the first time a program tries to connect to the Internet, you'll get a pop up saying so, and asking if you authorize this connection. Probably Linux has a similar feature as well (though I don't know what it's called). The Java JVM had this feature a long time ago: Your could write a remotely-deployable Java application (via JWS, or Java Web Start), and request certain "services" from the host VM, and the user could accept or deny each of these requests. The requests include such things as:

(*) Storing temporary data (like a cookie)
(*) Read access to specific directories.
(*) Write access to specific directories.
(*) Connecting to an IP address other than the one from which the application was initially downloaded from.
(*) Accessing local audio devices
etc.


A lot of people who follow "tech news" automatically associate "Trusted Computing" with "bad" or "evil" (I'm often do this too, at least subconsciously). However, the description given above, encrypting a program as its running, immediately reminded me of TC, and it was a non-evil application of it.

- Oliver


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index