cyber-"terrorism"?
Ben Laurie
ben at algroup.co.uk
Wed, 18 Sep 2002 18:06:19 +0100
Brian Gladman wrote:
> From: "Ben Laurie" <ben@algroup.co.uk>
> To: <ukcrypto@chiark.greenend.org.uk>
> Sent: Wednesday, September 18, 2002 8:25 PM
> Subject: Re: cyber-"terrorism"?
>
>
>
>>Brian Gladman wrote:
>>
>>>And I am not pursuaded by the arguments that I have heard that I do not
>>
> need
>
>>>a secure boot sequence. I think a small security kernel running on a VM
>>>machine can improve security significantly when compared with what we
>>
> have
>
>>>now. And to get a security kernel up and running with high assurance I
>>>believe we need a secure boot sequence and limited code metrics.
>>>
>>>Although both David and Peter are unconvinced that the gains in security
>>>terms would be significant, I have to disagree with them. If we can get
>>>strong process separation and full control of memory and peripheral
>>
> access
>
>>>we don't need anything more from hardware.
>>
>>I think their point, and I'm inclined to agree, is that of the things
>>you say we need to be secure, the least important is the trusted boot -
>>and if I have a security kernel running, I need it even less.
>
>
> But how do you know what you have running without secure boot?
Oh, I agree, if I had all that stuff in place, what I might worry about
next is what I booted. OTOH, if I had all that stuff in place I'd be
fairly sure what I booted coz there wouldn't be a way to replace it.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff