cyber-"terrorism"?

Brian Gladman <brg at gladman.plus.com>
Thu, 19 Sep 2002 08:23:12 +0800


From: "David Wagner" <daw@mozart.cs.berkeley.edu>
Newsgroups: isaac.lists.ukcrypto
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Thursday, September 19, 2002 5:51 AM
Subject: Re: cyber-"terrorism"?


> Brian Gladman wrote:
> >I think a small security kernel running on a VM
> >machine can improve security significantly when compared with what we have
> >now.
>
> I agree with this.  However, I think we'd get 95% of the improvement
> by adding just the small security kernel, without the secure boot.
>
> >If we can get
> >strong process separation and full control of memory and peripheral access
> >we don't need anything more from hardware.
> [...]
> >I am sad that David and Peter don't see this as I think it's a fundamentally
> >better way to go than the whole of TCPA.
>
> Oh, if I had to choose between your proposal and TCPA, I'd take your
> proposal: it does seem better than TCPA.  If nothing else, semi-coercive
> applications would be harder to build with your proposal than with TCPA.
> Taking away some pieces of TCPA would be great.
>
> I must have misunderstood your position.  I thought you were supporting
> TCPA, rather than suggesting an alternative to TCPA.  My apologies for
> my confusion.

I doubt that you are confused since I suspect that many others now see me as
a supporter of all that TCPA seeks to achieve.  But this is not my position.

I am trying to say that TCPA is not all bad and that by adopting the good
bits we can provide a vehicle - a 'hardware assisted Free/Open Source
security kernel' [1] - that allows us to achieve a significant improvement in
PC security. And that if we do this, not only do we not need the rest of
TCPA, but that these extra features will reduce rather than increase the
trustworthiness of our machines.

So, yes, I am arguing that what we need is an alternative to TCPA that
contains only some of its proposed features. And I am going further than
this by saying that I would consider 'all of TCPA' significantly less
trustworthy than the subset I am seeking.

And I am even saying that the DRM lobby gains nothing from the rest of TCPA
since they cannot improve on the assurance of a hardware assisted security
kernel by adding further hardware unless they don't intend to use the
machine's native processor and OS to run their applications.

And as you say, while they can still deliver what they want to deliver, they
are no longer able to use the chip or platform supplier as their surrogate
and thereby force us to consume things we don't want to consume.

    Brian

[1]  hardware assisted = secure boot plus limited code metrics for the
kernel, drivers etc.