The point about stupid security, any SQL server on the net, is a good point. There are three strikes against anyone who was directly affected by Slammer:

1> SQL server on the net
2> using Microsoft
3> Not patching

YOU'RE OUT!!!!

--------------------------------------------------------------------

Dept. of Homeland Security site switches to Linux from Windows 2000
http://newsforge.com/newsforge/03/01/27/1831240.shtml?tid=2

This happened during Slammer, not because of Slammer. To change the OS of the federal government takes a long time. This shows that Linux can be more secure than MS Windows. It had to take an act of Congress to get security for the US by using Linux.

--------------------------------------------------------------------

There was an article about IBM releasing TCPA code for Linux
http://www.research.ibm.com/gsal/tcpa/

This just moves the trust issue from software to hardware. Nobody trusts Microsoft because of the backdoors and poor design concepts. That is why Linux/Open Source offers more freedom and security. If you want to check the code, you can. Now if the chip makers add their own backdoor or other "government requested features", are we not back to the Clipper chip :(?

I have thought about how to validate the hardware design for open source. First the design needs to be open source; this is done by publishing the HDL of the chip/circuit. Next, on initialization after/during reset, a checksum of the serial test path (boundary scan) is created. This checksum is then accessed through a register during operation. It is then compared with a given checksum in software. Now what is to prevent the vendor from just returning the right checksum?? Now it gets high-tech with a serial test path scanner and generator. This is only used to verify the chip contains no backdoor. By resetting the chip and then hashing the serial output, that should be the same checksum as the register.

There must be other input vectors that are shifted in, do one operation, then check the result with the known checksum for that operation. This prevents the vendor from creating a separate working section and faking the serial shifting. A security problem is if the private keys stored in the chip can be shifted out. To check the validity of the chip/design they must, but to keep them secure they must not. To solve this problem the serial shift clock is connected to the reset pin of the registers that hold sensitive data. The sensitive registers can only be reset once at the beginning of the serial test or the serial sequence will be affected. By using this scheme the design of the chip is first validated for no backdoors, then each batch can be tested that it is the same as the design. Now when a user reads the hash number from a vendor they can be assured that there are no backdoors. Now the TCPA chip/circuit is validated and the rest of the system uses this base validation to keep itself validated.

Shaun Savage

--
savages@private
GPG2003 = 68DB 57E8 702C 21D9 0AA5 2375 1EB1 6F82 858C 23AD
GPG2002 = B527 8F72 BAFA D490 6B30 6885 9FA2 34E8 EA73 F975
Public key at http://www.savages.net/gpg/savages
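As an added illustration of the scan-path scheme sketched in the message above (constructed example, not the author's code), here is a toy Python model: registers chained into a serial boundary-scan path, sensitive ones forced to reset by the scan clock, and the scanned-out stream hashed by an external scanner and compared with a value derived from the published design rather than anything the chip reports. Register names and widths, the XOR "operation", and the hypothetical "key_shadow" vendor modification are all assumptions.

```python
import hashlib

# Constructed toy model of the scan-path attestation scheme from the post. A register is
# (name, width_bits, sensitive, reset_value); list order is the serial boundary-scan chain
# order and stands in for the published HDL. All values are made up for illustration.
DESIGN = [("ctrl", 8, False, 0xA5), ("key", 16, True, 0),
          ("a", 8, False, 0), ("b", 8, False, 0), ("result", 8, False, 0)]
CHAIN_LEN = sum(w for _, w, _, _ in DESIGN)
# Hypothetical vendor change: a non-sensitive shadow of the key in the chain that a scan
# could read out; the chain no longer matches the published design.
BACKDOORED = DESIGN[:2] + [("key_shadow", 16, False, 0)] + DESIGN[2:]

class ScanChip:
    def __init__(self, layout, key):
        self.layout, self.regs = layout, {n: rv for n, _, _, rv in layout}
        self.regs["key"] = key                            # secret provisioned into the part
        if "key_shadow" in self.regs:
            self.regs["key_shadow"] = key                 # the backdoor mirrors it
    def _bits(self):
        return [(self.regs[n] >> i) & 1 for n, w, _, _ in self.layout for i in reversed(range(w))]
    def scan(self, bits_in):
        # The scan clock holds sensitive registers in reset, so their contents never reach the
        # serial output; the chain shifts out one bit per pulse while bits_in shifts in.
        for n, _, sensitive, rv in self.layout:
            if sensitive:
                self.regs[n] = rv
        chain, out = self._bits(), []
        for b in bits_in:
            out.append(chain.pop(0))
            chain.append(b)
        pos = 0
        for n, w, _, _ in self.layout:                    # latch the shifted-in chain back
            self.regs[n], pos = int("".join(map(str, chain[pos:pos + w])), 2), pos + w
        return out
    def operate(self):                                    # the one functional operation under test
        self.regs["result"] = (self.regs["a"] ^ self.regs["b"] ^ self.regs["key"]) & 0xFF

def encode(**values):
    # Scan-in vector for the published design; unnamed registers (the key included) are zero.
    return [(values.get(n, 0) >> i) & 1 for n, w, _, _ in DESIGN for i in reversed(range(w))]

def attest(chip, vector=None):
    # External scanner: clock out CHAIN_LEN bits and hash the stream for comparison with
    # the value published for the open design, never with a checksum the chip reports.
    return hashlib.sha256(bytes(chip.scan(vector or [0] * CHAIN_LEN))).hexdigest()

def operation_check(chip):
    # Shift a known vector in, run one operation, then scan out and hash the new chain state.
    attest(chip, encode(a=0x0F, b=0xF0))
    chip.operate()
    return attest(chip)

GOLDEN_RESET = attest(ScanChip(DESIGN, key=0))            # published values, from the open design
GOLDEN_OP = operation_check(ScanChip(DESIGN, key=0))
```

A genuine part with any provisioned key reproduces both golden hashes while its key bits scan out as zeros; the toy catches the shadow register only when it holds a non-zero key, so a real check would also verify the chain length against the HDL.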
This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 12:07:14 PST