Intel turning to hardware for rootkit detection

[ljknews at mac.com (ljknews)]

At 1:33 AM -0800 12/14/05, Crispin Cowan wrote:
> Smashguard, if I recall correctly, offers approximately the protection
> of existing compiler methods, but with the added fun of requiring
> modified (non-existent) hardware.
>
> The referenced hardware in the IEEE article and the intel.com pages
> appears to be some descendant of Palladium; it is a hardware integrity
> checker/attestation mechanism. A small, hardware-enforced core performs
> a chain of crypto-checks prior to boot strapping the BIOS, and then the
> OS, and makes itself available to applications. Thus an application can
> (more or less) "prove" to a remote machine that the BIOS, kernel, and
> application are in fact the "approved" versions that the remote machine
> wants to see. The closest published work would be Bill Arbaugh's
> dissertation and associated papers.

That sounds very much like DEC's Distributed Systems Security Architecture,
which was never an implemented product.  
-- 
Larry Kilgallen