Secure Coding mailing list archives
Intel turning to hardware for rootkit detection
From: ljknews at mac.com (ljknews)
Date: Wed, 14 Dec 2005 08:50:45 -0500
At 1:33 AM -0800 12/14/05, Crispin Cowan wrote:
Smashguard, if I recall correctly, offers approximately the protection of existing compiler methods, but with the added fun of requiring modified (non-existent) hardware. The referenced hardware in the IEEE article and the intel.com pages appears to be some descendant of Palladium; it is a hardware integrity checker/attestation mechanism. A small, hardware-enforced core performs a chain of crypto-checks prior to boot strapping the BIOS, and then the OS, and makes itself available to applications. Thus an application can (more or less) "prove" to a remote machine that the BIOS, kernel, and application are in fact the "approved" versions that the remote machine wants to see. The closest published work would be Bill Arbaugh's dissertation and associated papers.
That sounds very much like DEC's Distributed Systems Security Architecture, which was never an implemented product. -- Larry Kilgallen
Current thread:
- Intel turning to hardware for rootkit detection, (continued)
- Intel turning to hardware for rootkit detection ljknews (Dec 13)
- Intel turning to hardware for rootkit detection Gadi Evron (Dec 13)
- Intel turning to hardware for rootkit detection Ron Forrester (Dec 13)
- Intel turning to hardware for rootkit detection ljknews (Dec 13)
- Intel turning to hardware for rootkit detection David Eisner (Dec 13)
- Intel turning to hardware for rootkit detection Greenarrow 1 (Dec 13)
- Intel turning to hardware for rootkit detection Steven M. Bellovin (Dec 13)
- Intel turning to hardware for rootkit detection Michael S Hines (Dec 13)
- Intel turning to hardware for rootkit detection mudge (Dec 13)
- Intel turning to hardware for rootkit detection Crispin Cowan (Dec 14)
- Intel turning to hardware for rootkit detection ljknews (Dec 14)
- Intel turning to hardware for rootkit detection Michael S Hines (Dec 14)
- Intel turning to hardware for rootkit detection Michael S Hines (Dec 13)
- Intel turning to hardware for rootkit detection ljknews (Dec 13)
- Intel turning to hardware for rootkit detection ljknews (Dec 14)
- Intel turning to hardware for rootkit detection Chris Wysopal (Dec 14)