Log in

View Full Version : Features, pros and cons of Palladium / NGSCB

dELTA
October 19th, 2003, 05:47
Quite nice article:

hxxp://www.eff.org/Infra/trusted_computing/20031001_tc.php


dELTA
Aquatic
October 19th, 2003, 18:20
Quote:
1. Memory curtaining
Memory curtaining refers to a strong, hardware-enforced memory isolation feature to prevent programs from being able to read or write one another's memory. Today, an intruder or malicious code can often read or alter sensitive data in a PC's memory. In the trusted computing design, even the operating system should not have access to curtained memory, so an intruder who gains control of the very operating system would not be able to interfere with programs' secure memory.

Although memory isolation can be achieved in software, this requires some combination of rewriting operating systems, device drivers, and possibly even application software. Implementing this feature in hardware instead permits greater backwards compatibility with existing software and reduces the quantity of software which must be rewritten. (In general, many of the security benefits of trusted computing could be achieved in some form simply by rewriting software, but this appears impractical to some.)
.

hxxp://www.eff.org/Infra/trusted_computing/20031001_tc.php


Does this mean no more debuggers?

I think that the Ram itself will somehow be physically separated on the motherboard.
dELTA
October 19th, 2003, 18:26
It sure sounds like it might have a bunch of boring consequences for people with hobbies similar to ours in any case... That is, if there's no cool way we can go around it anyway.
Aquatic
October 19th, 2003, 18:31
Quote:
[Originally Posted by dELTA]It sure sounds like it might have a bunch of boring consequences for people with hobbys similar to ours in any case... That is, if there's no cool way we can go around it anyway.


People could always use custom hardware

People will be selling black-market Ram that will replace the Palladium ram.

Just my prediction.
dELTA
October 19th, 2003, 18:46
Yep, hopefully, but it will most likely not be widely available to any newbie though. This is quite sad compared to today's situation, when all you need to do to get started practically is to download some free tools and some good reading material and off you go...
JMI
October 19th, 2003, 19:12
Well, if I may state what also appears obvious, some provision HAS to be made to debug programs, or they never get written correctly. If there is NO provision to examine memory, not even the owner of the box, attempting to develop software, could view the operation of their code to find where it all went wrong.

Of course, I haven't read the article yet and it may discuss this issue.

Regards.
Aquatic
October 19th, 2003, 19:18
Remember that Palladium is still just a pipe-dream.
dELTA
October 20th, 2003, 06:36
JMI, there will of course be a way to debug your own programs, but it might very well be that they then have to be compiled into a special "debug mode" (which will of course require the source code), or something like that. Some of my best hopes about us being able to "go around this in a cool way" would be some tools that would analyze and patch/rebuild the static executables to fool them into using such a debug mode even in the production version. This is of course just wild speculations until we have any specific details about how they would implement such a thing, but it's the first thing that enters my mind when thinking about it anyway.

In general, I think modification of the target executable itself will be one big thing when all this happens. Since the application itself must be able to read it's own memory, I guess we could always inject an entire debugger into the executable, virus style. There might be attempts to cryptographically prevent such a thing too, but I think it would be hard to do such a thing in a secure way, seeing that all software developers cannot have their own keys integrated into the hardware...