On Tue, Feb 12, 2008 at 09:02:38PM +0900, Kuniyasu Suzaki wrote:
>
> >>From: Tzafrir Cohen <[EMAIL PROTECTED]>
> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
> >>
> >>> >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
> >>> >>> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
> >>> >>> >> It includes trusted computing software based on TPM (Trusted Platform
> >>> >>> >> Module). Debian packages on KNOPPIX are validated by Remote Attestation.
> >>> >>> > -------------------------------------------------------^^^^^^^^^^^^^^^^^^^
> >>> >>>
> >>> >>> sounds an awful lot like Remote Exploit to me.
> >>> >>
> >>> >>That's indeed remotely similar.
> >>>
> >>> Our remote attestation is a kind of CHECKER of two types of database
> >>> for trustworthiness. The database of DSA (Debian Security Advisory)
> >>> validates the packages of knoppix. The database of platform integrity
> >>> was created from our samples, which are listed at
> >>> http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
> >>> The database validates the boot procedure, which is based on "Trusted
> >>> Computing".
> >>
> >>Sorry, I just don't get it.
> >>
> >>Given that the platform includes gcc, perl and python (and wget), what
> >>practical use is there in the guarantees you can achieve?
>
> The TC-Geeks KNOPPIX is a trial environment. However, the technique,
> which combines remote attestation and trusted boot, prevents insertion
> of root kits and offers a safe environment.

Your disk image is shipped with a kernel image that has a nice root
exploit (vmsplice). Yeah, I know, bad luck. What impact does it have on
your guarantees? What impact do your guarantees have on exploitations of
that hole?

>
> >>What happens if I just install something from source?
>
> The software works well.
> If you REPLACE an application which is registered in the database,
> you cannot connect to remote attestation.
>
> >>Recall that for the Xbox it only took one buggy game to allow installing
> >>an arbitrary software (e.g.: Linux) by the user.

So it cannot prevent me from running arbitrary code. It just gives
someone a guarantee that certain files are valid.

Well, I suspect that if someone is root, the possibilities are basically
endless - there are many places where you can just add some files to
have an impact on the whole system.

-- 
Tzafrir Cohen         | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il |                   | a Mutt's
[EMAIL PROTECTED]     |                   | best
ICQ# 16849754         |                   | friend
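
Added example, not part of the original thread and not OpenPTS code: a simplified verifier that replays a measurement log and checks it against a known-good database, to show which cases the guarantee discussed above covers. The TPM 1.2-style SHA-1 extend, the log layout, all paths and file contents are assumptions constructed for illustration, and the TPM's signed quote is stood in for by a plain PCR value.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def extend(pcr: bytes, measurement_hex: str) -> bytes:
    # TPM 1.2-style extend (assumed here): new = SHA1(old || measurement)
    return hashlib.sha1(pcr + bytes.fromhex(measurement_hex)).digest()

def replay(log) -> bytes:
    pcr = bytes(20)  # PCR starts at all zeros
    for _path, measurement in log:
        pcr = extend(pcr, measurement)
    return pcr

def verify(log, quoted_pcr: bytes, known_good: dict):
    """Return (accepted, replaced, unregistered) for a reported measurement log."""
    if replay(log) != quoted_pcr:
        return False, [], []  # log does not match the TPM-reported PCR value
    replaced = [p for p, m in log if p in known_good and m not in known_good[p]]
    unregistered = [p for p, m in log if p not in known_good]
    return not replaced, replaced, unregistered

# Constructed sample data: file contents are stand-in byte strings.
KNOWN_GOOD = {
    "/bin/ls": {sha1_hex(b"ls from Debian package")},
    "/usr/bin/wget": {sha1_hex(b"wget from Debian package")},
}
CLEAN = [("/bin/ls", sha1_hex(b"ls from Debian package")),
         ("/usr/bin/wget", sha1_hex(b"wget from Debian package"))]
REPLACED = [CLEAN[0], ("/usr/bin/wget", sha1_hex(b"wget rebuilt locally"))]
SOURCE_BUILD = CLEAN + [("/usr/local/bin/tool", sha1_hex(b"built from source"))]

def run_cases():
    # replay(log) stands in for the PCR value a real TPM quote would carry
    return {name: verify(log, replay(log), KNOWN_GOOD)
            for name, log in [("clean", CLEAN), ("replaced", REPLACED),
                              ("source_build", SOURCE_BUILD)]}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(name, result)
```

In this model the source-built binary is accepted and only surfaces in the unregistered list, so a verifier that wants more than "registered files are valid" has to decide what to do with that list.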