cyber-"terrorism"?

Brian Gladman <brg at gladman.plus.com>
Wed, 18 Sep 2002 17:58:25 +0800


From: "Pete Chown" <1@234.cx>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Wednesday, September 18, 2002 4:43 PM
Subject: Re: cyber-"terrorism"?

[snip]
> To tie the two threads together, what would have happened if Nimda had
> erased people's BIOS chips?  I have it on good authority that several
> large companies were out of action for a few days while they got Nimda
> flushed out of their internal networks.  If all the machines had
> required physical repair, the delay would have been much longer, and
> enormously expensive.  This would be especially so because everyone
> would have been trying to get their machines fixed at the same time,
> overwhelming the repair facilities.
>
> (I'm in a bit of a dilemma whether to post this, for fear of creating a
> self-fulfilling prophesy, or giving ideas to the kiddies who write
> things like Nimda.  I've decided that the balance favours posting.  If
> these things are kept secret the dangers cannot be addressed, and it
> isn't such a profound idea that no one else will ever think of it.)

I agree this is always a problem in discussing attacks and it is often a
difficult judgement to make.

I felt very much the same way on revealing some of the techniques for low
level 'BIOS' attacks but I do think we need to move the debate on and it
was, I think, obvious from the subsequent discussion that people agree that
these attacks are feasible even if they disagree on the probability of
actually experiencing them.

And I am not persuaded by the arguments that I have heard that I do not need
a secure boot sequence. I think a small security kernel running on a VM
machine can improve security significantly when compared with what we have
now. And to get a security kernel up and running with high assurance I
believe we need a secure boot sequence and limited code metrics.

Although both David and Peter are unconvinced that the gains in security
terms would be significant, I have to disagree with them.  If we can get
strong process separation and full control of memory and peripheral access
we don't need anything more from hardware.

And those who say we need more for DRM are wrong in my view since they can
build their DRM applications on top of a secure kernel just as others can
do.  And in this way we don't get DRM built into the machine, we get a
security kernel and we choose which applications we want to run on it.

I am sad that David and Peter don't see this as I think it's a fundamentally
better way to go than the whole of TCPA.  Of course they are arguing that we
don't need any of TCPA but I suspect that this argument is a sure way of
getting all of it.

If we don't want all of TCPA we have to show that there is a better way of
improving PC security and I believe that there is.  I am sad that others are
not convinced (but that is the story of my life!)

  Brian
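The "secure boot sequence and limited code metrics" Brian argues for above can be made concrete with a small model of a verified, measured boot chain. The following is an added example written for this archive page; it is not code from Brian, Pete or the ukcrypto list, and every name in it (the three stage names, the image bytes, the function names) is a constructed stand-in. Each stage carries the hash of the stage it hands control to, the first hash is held by an immutable root of trust, and every measurement is also folded into a PCR-style register whose final value depends on the whole chain.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical boot stages. The image bytes are constructed stand-ins for the
# real firmware, boot loader and kernel images; nothing here comes from the thread.
GOOD_IMAGES: List[Tuple[str, bytes]] = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed boot loader image v1"),
    ("kernel", b"constructed security kernel image v1"),
]


@dataclass(frozen=True)
class BootStage:
    name: str
    image: bytes
    # Hash of the NEXT stage's image, carried inside this stage so that each
    # link verifies the one it is about to run. None for the last stage.
    next_hash: Optional[bytes]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: register := H(register || measurement).
    The result depends on every measurement and on the order taken."""
    return sha256(register + measurement)


def build_chain(images: List[Tuple[str, bytes]]) -> List[BootStage]:
    """Build stages from known-good images, embedding each successor's hash.
    Works backwards so that stage i can carry H(image of stage i+1)."""
    stages: List[BootStage] = []
    next_hash: Optional[bytes] = None
    for name, image in reversed(images):
        stages.append(BootStage(name, image, next_hash))
        next_hash = sha256(image)
    stages.reverse()
    return stages


def root_hash(chain: List[BootStage]) -> bytes:
    """The one value the immutable root of trust must hold: H(first stage)."""
    return sha256(chain[0].image)


def verified_boot(root_expected: bytes, chain: List[BootStage]):
    """Simulate the boot sequence. Returns (ok, failed_stage, register, log).

    ok            -- True if every stage matched the hash its predecessor carried
    failed_stage  -- name of the first stage that did not match, else None
    register      -- PCR-style accumulation of all measurements taken
    log           -- list of (stage name, hex digest) in boot order
    """
    register = bytes(32)
    log: List[Tuple[str, str]] = []
    expected: Optional[bytes] = root_expected
    for stage in chain:
        digest = sha256(stage.image)
        # Measure before deciding, so the register records what was actually
        # present, not what was expected; useful for later audit or attestation.
        register = extend(register, digest)
        log.append((stage.name, digest.hex()))
        if expected is None or digest != expected:
            return False, stage.name, register, log
        expected = stage.next_hash
    return True, None, register, log


def boot_good():
    chain = build_chain(GOOD_IMAGES)
    return verified_boot(root_hash(chain), chain)


def boot_tampered():
    """Same chain, but the kernel image has been modified after the hashes
    were embedded. The loader's embedded hash no longer matches, so the boot
    stops at 'kernel' and the register value diverges from the good run."""
    chain = build_chain(GOOD_IMAGES)
    root = root_hash(chain)  # the root of trust is unchanged
    k = chain[2]
    patched = BootStage(k.name, k.image + b" [modified]", k.next_hash)
    return verified_boot(root, chain[:2] + [patched])


if __name__ == "__main__":
    for label, result in (("good", boot_good()), ("tampered", boot_tampered())):
        ok, failed, register, log = result
        print(f"{label}: ok={ok} failed_at={failed} register={register.hex()[:16]}...")
        for name, digest in log:
            print(f"  {name:<10} {digest[:16]}...")
```

Two properties of the model are worth noting. Changing any stage forces an attacker to also change the hash embedded in its predecessor, which changes that predecessor's digest, and so on back to the root value the firmware cannot rewrite; that is why the root of trust has to be immutable for the chain to mean anything. Separately, the register is extended with what was measured rather than what was expected, so even a platform that chooses to boot regardless of verification still leaves a value that a later check (local or remote) can compare against a known-good one.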