Credit steven sinofsky why is this needed

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: “authorized” soHware. –  S2fles innova2on in player design EFF: allow users to inject chosen values into PCRs. •  Enables users to conceal changes to their compu2ng environment •  Defeats malicious soHware changes to compu2ng plaSorm Dan Boneh TCG Alternatives IBM 4758: Supports all TCG func2onality and more. –  Tamper resistant 486 100MhZ PCI co- processor –  … but expensive ~ $2000. TPM ~ $7. AEGIS System: Arbaugh, Farber, Smith ’97: –  Secure boot with BIOS changes only. –  Cannot support sealed storage. SWATT: Seshadri et al., 2004 –  A_esta2on w/o extra hardware –  Server must know precise HW configura2on Dan Boneh Trusted Compu2ng Attestation: challenges Dan Boneh 1. Attesting to Current State •  A_esta2on only a_ests to what code was loaded. •  Does not say whether running code has been compromised. –  Problem: what if Quake vulnerability exploited aHer a_esta2on took place? •  Can we a_est to the current state of a running system? –  … or is there a be_er way? Dan Boneh 2. Encrypted viruses Suppose malicious music file exploits bug in video player. –  Video file is encrypted. –  TCG prevents anyone from ge~ng video file in the clear. –  Can an2- virus companies study virus without seeing its code in the clear? –  How would you solve this? Dan Boneh 3. TPM Compromise Suppose one TPM Endorsement Private Key is exposed –  Destroys all a_esta2on infrastructure: •  Embed private...
View Full Document

Ask a homework question - tutors are online