Intel to include DRM in new Pentium 4 series processors
Brian Gladman
"Brian Gladman" <brg at gladman.plus.com>
Mon, 16 Sep 2002 03:38:54 +0800
From: "David Wagner" <daw@mozart.cs.berkeley.edu>
Newsgroups: isaac.lists.ukcrypto
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Monday, September 16, 2002 2:33 AM
Subject: Re: Intel to include DRM in new Pentium 4 series processors
> Brian Gladman wrote:
> >But whether an attack should be eliminated is not just down to its
> >probability of occurrence but also depends on the seriousness of the
> >result. BIOS attacks are rarely detected and very often stay in place
> >for the life of a machine so they may not be frequent but they are
> >serious when they occur.
>
> I agree probability of occurrence is not enough. As I wrote earlier,
> I rank the risks by their probabilities of occurrence and their impact
> if they do occur. [...] For typical users, [insecure boot attacks] are
> a much rarer form of attack, and the impact may not be much greater than
> the impact of buffer overruns and the like.
> I still see no reason why BIOS attacks should have a much greater impact
> than a buffer overrun attack. BIOS attacks can in principle be written
> in a way that stays in place for a long time without detection, but I
> would think that the same is true for buffer overrun attacks.
I am not sure about the life of a typical buffer overrun attack and I rather
suspect that this depends a lot on the specific design. I know of such
attacks that certainly won't have a long life but I have not got much idea
of how long a life could be achieved if this was a design criterion. But I
rather doubt that an attack installed in software will match the life of a
hardware attack.
> In practice, long-lived buffer overrun exploits are rare, as are
> long-lived BIOS exploits, but this is probably a product of the sorts of
> exploits we see rather than a function of innate vulnerability. Or is
> there some reason I've overlooked why long-lived BIOS attacks are likely
> to be more common than long-lived buffer overrun attacks?
No, but I suspect that you judge the lifetimes to be similar whereas I judge
the hardware attack to have a longer undetected (or undisturbed by accident)
life.
Brian