Dailydave mailing list archives

Re: Palladium, Memory Forensics, Clouds.


From: Joanna Rutkowska <joanna () invisiblethingslab com>
Date: Fri, 22 May 2009 16:07:43 +0200

Dave Aitel wrote:
> Most people don't really understand Palladium, since it is quite
> complex, but it's not a software only solution. You'd need a special
> Palladium enabled keyboard, mouse, display, and audio IO setup. These
> would each have crypto chips in them which could encrypt to and from
> the trusted hypervisor. Look for them in a Microsoft store near you
> real soon!


There is a book about Trusted Computing by David Grawrock, one of the main
architects behind TXT and I think also TPM [1], published by Intel Press. This
book indeed talks about Protected Input/Output (as part of the LaGrande
technology, later renamed to TXT). However, there is no mention of those
Protected Input/Output technologies in any other Intel spec we have been able to
get into our hands. It seems like the current technology (e.g. Intel TXT)
doesn't have any support for Protected Input/Output. In other words, the TXT as
we can buy it today (in vPro-compatible hardware) is "only" about trusted boot
via DRTM and nothing else. I wrote "only" in quotation marks, as I think
providing trusted boot that really works is still a really big deal.

Of course, in the next release of processors, Intel or AMD might theoretically
add Protected Input/Output. But I'm still skeptical about the effectiveness of such
technologies in protecting the end-user apps. We cannot offload all the
sensitive tasks to the hypervisor, e.g. processing of our banking site one-time
passwords, etc., because once we start doing that, the hypervisor will grow fat
and the likelihood of an exploitable bug inside the hypervisor will increase
dramatically. And we will get back to the point where we are today with our fat
kernelmodes polluted by all sorts of AV, IPS and DLP rootkits^Wmodules, that are
easily exploitable by malware.

joanna.

[1] http://www.intel.com/intelpress/sum_secc.htm

-- 
Joanna Rutkowska
Founder/CEO
Invisible Things Lab
http://invisiblethingslab.com/
