Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Good point, if we hadn't been here before. (That is to say on the verge of greatness.) Big investors have noticed us before and heard the huff and puff. We don't need big numbers posted for Q2. However, Wave needs to show that they've got traction and a good map. The market is HERE. Yes, I believe it is here now. Enterprise and Gov have identified and are refining their problem statements. Solutions are being evaluated. How does Wave measure (on their yardstick)? Most of those questions could be answered with varying degrees of precision. We are still in Missouri.
Anybody have these proceedings?
How Trusted Computers can Enhance for Privacy Preserving Mobile Applications
Pearson, S.;
World of Wireless Mobile and Multimedia Networks, 2005. WoWMoM 2005. Sixth IEEE International Symposium on a
13-16 June 2005 Page(s):609 - 613
-R
Vader- In two business days we will be able to consider whether it is reasonable or not. Today, I'm afraid, it is extremely speculative (although there are lotsa dots before my eyes). Sure we're all speculating, but IMO it does no good to be overly optomistic... It will very likely come... I just don't think there will be a clear, undeniable sign proclaiming Waves postition in TCG this Q. However, with that said, I do think there will be a statement to that effect in this Q (reported next Tuesday).
Edit- I've reread, rewritten, rethought the above para and deleted a following. Perhaps I too am a bit giddy, I don't want to be. I don't think its probability this Q. A possiblity, yes. Not highly likely though.
I'm blathering. I confess to way over investing in the .70's and .60's and am justifying my intention to return to sanity around $2. Please, no irrational exuberance. (I'll still hold more than a rational number of shares. But, I'll be able to sleep at night.)
I honestly look forward to meeting you one day.
-Richard
ETS 2.0? I have not yet found a link for this at Dell. Have you? Anybody? Could it be what is bundled with Identiphi(sp)?
-R
Weby- I didn't read SL's post as saying that... It is a good thing msft has put forth APIs for these services. It is how apps talk to one another and establishes a code of "good citizenship". I do not try to speak for SL. Its just that your post seemed to.
-R
Wave was sent to Missouri (the show me state)after the '03 intel/ibm spike. Too many people - to short sited... it's was coming then (was it to be two years out?).
-R
Helpful- FISMA... (bolds are mine) -R
http://www.dell4fed.com/tpl_article.php?ri=813&si=56
Improving Your Agency’s FISMA Grade
Dell Public
March 2005
Introduction
Although the Federal Information Security Management Act of 2002 is almost three years old, government agencies are still working to comply. In fact, a recent survey of federal CISOs showed achieving FISMA compliance to be their number two concern behind patch management.1 And it’s no wonder why they’re concerned – the last round of FISMA grades had 14 of 24 federal agencies scoring below a C (eight of those failed outright).2
So why is FISMA adherence proving so difficult? One senior compliance strategist thinks it has to do with a lack of solid inventory, confusion on the part of agencies, a lack of bandwidth and reluctance to share data.3 IT professionals would likely argue that, because of all the paperwork involved with FISMA, noncompliance is due to the bandwidth issue more than anything else. When surveyed recently, federal CISOs who control a budget of less than $500,000 reported spending “45 percent of their time on FISMA compliance and only 15 percent of their time on network security monitoring and inventory control.”4
With the paperwork not likely to decrease in the near future and budgets as they are, there are a few key areas where your agency can focus to help improve your FISMA grade.
Inventory
If you don’t know what you have on your network, you won’t know what you need to protect. So one important step is to take complete inventory of your infrastructure. Catalog your business systems, grouping technologies by functions.5 Once you know the equipment and operating systems you are running, you can properly assess risk and define technical configuration standards for each one.
Since bandwidth can be a major roadblock for most CISOs, your agency may want to call upon a third party to assist with inventory and risk assessment. Dell Services’ security specialists will thoroughly analyze your organization’s entire IT infrastructure and offer security solutions that are based on NSA standards and designed to mitigate an array of security risks.
Implementation
If knowing your inventory is step one, step two is knowing what security solutions to put in place. Dell can help you here by recommending safety products and features on four levels for comprehensive information security:
1. Physical
Configuration-Change and Chassis-Intrusion Alerts provide notification to the end-user and/or the IT Administrator when system configurations have been altered or a chassis has been opened.
Cable Lock Slots and Chassis Lock Loops allow the user to secure the system and protect system components.
Cable Locks can be used to help secure both notebooks and desktop systems using the standard cable lock slot.
Custom Chassis Locks bolt the chassis cover closed to protect internal components, secure the system itself with an attachable cable, and help protect system peripherals from theft with a cable locking mechanism.
Asset Tags help keep track of your organization’s Dell systems. Dell’s Custom Factory Integration service can provide standard or customized asset tags.
2. User
Dell™ OptiPlex™ desktops, Dell Precision™ workstations and Dell Latitude™ notebooks come with a number of BIOS-enabled security features that help protect your system during the pre-boot process, even before operating system-based password protection is in place.
System Passwords require the user to enter a password in order to boot the system and enable the keyboard and mouse.
System Set-up Passwords require the user or administrator to enter a password in order to make any changes to the system set-up options.
Hard Drive Passwords require user to enter a password to access the hard drive.
Smartcard and/or Biometric Authentication securely authorizes users accessing systems and connecting to the network. Dell’s built-in smartcard slot on Latitude™ notebooks (D410, D610 & D810) as well as its smart card keyboard for desktops provide integrated authentication.
3. System
Anti-virus and Client Protection software fortifies the individual system and the infrastructure, because many of today’s attacks use the desktop or notebook as a launch point
4. Network
Firewalls allow you to filter content, manage Virtual Private Networks (VPNs), monitor network resource requests, and share Internet access. Dell offers firewalls in a variety of choices, including the Secure Computing™ Sidewinder Firewall™ on Dell PowerEdge™ servers. In addition, Dell carries firewall solutions from Netscreen, Watchguard and others.
Intrusion Prevention Systems (IPS) provides a second line of network defense and needed protection for the core of the network. The Unity One™ IPS by Tipping Point™ available from Dell provides the visibility of an IDS with the added power to block harmful traffic that may be trying to pass through the core of the network.
LegacySelect, a standard feature on Dell OptiPlex™ desktops, can help agencies transition from less-secure legacy technologies by giving them the ability to lock down system drives, slots and ports to help protect the system and network.
Server Network Interface Cards (NICs), such as the Intel® Pro 100S, are available on Dell PowerEdge™ servers and help protect sensitive data traveling on the LAN with standards-based security features.
Secure Socket Layer Accelerators, like Broadcom’s CryptoNetX™ SSL800 adapter, are also available on Dell PowerEdge servers and help accelerate the SSL protocol by allowing the server to support large numbers of clients using secure communications while helping maintain high performance.
Virtual Private Networking (VPN) is a method to allow authorized users to have secure, authenticated remote access to your LAN via public networks, such as the Internet. Dell PowerEdge servers are an ideal platform on which to run a network operating system that incorporates VPN functionality, such as Microsoft® Windows® Server 2003.
In addition to securing information on each of these levels, it is also imperative that you help ensure that data is not passed on when systems are retired. For this, Dell offers Disk Overwriting, which helps protect confidential information and assets by overwriting data based on the Department of Defense 5220-22-M 3 time overwrite standard.
NIST SP 800-53
Finally, if there is any confusion on what is required and what type of security you should have in place, you should visit the National Institute of Standards and Technology web site and view the January 2005 draft of Special Publication 800-53, Recommended Security Controls for Federal Information Systems. It outlines what is expected of your agency and the detailed steps to take to achieve those expectations.
For more information on security and how Dell can help you improve your FISMA score, visit the Security Solution for Federal Government.
--------------------------------------------------------------------------------
1 Olsen, Florence. “Security Bosses Feel Patch Pain.” November 22, 2004. FCW.com.
2 Lawlor, Maryann. “Congress Scrutinizes Information Security Efforts.” August 2004. SIGNAL.
3 Briggs, Linda and Mann, David. “Q&A: Why Agencies Find FISMA Compliance Tough.” ComplianceNOW.
4 Olsen, Florence. “Security Bosses Feel Patch Pain.” November 22, 2004. FCW.com.
5 Briggs, Linda and Mann, David. “Q&A: Why Agencies Find FISMA Compliance Tough.” ComplianceNOW.
Ad Number: 59949874
Enter your e-mail:
Average Resource Rating
Rate this resource
Helpful Links
Download Adobe Acrobat
Help
Feedback
Register for the Solutions Center
Ok... what conspiracies can we come up with?
-R
It looks like someone really wants us down.
-R
Go- Indeed we won't know where we are NOW... but in less than a week we will know where we were at the end of June. With that fix we can use the markers we've since noted (Atmel,STM) and in a way use dead reckoning to determine where we are now.
I'd rather be sailing today.
-R
Knute: I goofed. eom
mjan112: I left 10 percent:) I thought we were already to the 35 day limit. Thanks -R
Snacks- Could be. It's good either way. I recalled whoever posted the 8th mentioned it came from First Call. I just did a search and didn't find anything so I may be mis-remembering or the poster may have been mistaken. I am, however, 90 percent certain that the Q must be filed by the 5th.
-R
Snack- Someone posted that it was on the 8th. I believe the 10Q must be filed on the 5th.
-R
Wave should announce their CC today? They have to file the 10Q by 8/5, right?
-R
I did. Norton notified me of a trojan in a .jar. I ran anti-v rebooted and am just now back.
Looking at the log it looked like something called sploit[1].anr came first and installed a jar loaderadv438.jar... which contained the parser.class and the counter.class which Norton identified as a trojan.byteverify.
-R
I hope that we have some news to justify/solidify this run. Wave should be announcing there cc pretty soon (they must file by 8/5 -35 days.) Right?
-R
This is exciting. eom
Okpnv- Optiplex GX280.
-R
http://www.wave.com/products/getting_started_dell.html
Getting Started with the Dell Trusted Platform
The following Dell systems contain the
Broadcom Trusted Platform Module (TPM) v1.1b :
Dell Latitude Notebooks: D410, D610, D810, X1
Dell Precision™ Notebooks: M20, M70
Dell Optiplex Desktops: GX280*
Dell TPM v1.1b systems hardware security installation and activation instructions.
The following Dell systems contain the
ST Microelectronics Trusted Platform Module (TPM) v1.2 :
Dell Precision™ Workstations: 380
Dell Optiplex Desktops: GX620
Dell TPM v1.2 systems hardware security installation and activation instructions.
*NOTE: The Optiplex GX280 is available from Dell in 4 different form factor (chassis) options; "Compact Design," "Small Form Factor," "Desktop," and "Mini-Tower." The TPM device is ONLY offered for the "Desktop" and "Mini-Tower" form factors. It is NOT available on the "Compact Design" or "Small Form Factor" chassis options.
Dell Trusted Platform with TPM v1.1b
Installation and activation of the TPM v1.1b requires several steps which must be performed in the following order:
STEP 1: Install the TPM Software Package
The default location for the installation program is C:\Dell\TPM\Setup.exe
STEP 2: Turn on the TPM
Reboot the computer and enter the system Setup program by pressing the [F2] key during the Power On Self Test.
In the Setup program, open the "Security" settings category and select the "TPM Security" menu option.
Set the TPM Security state to "On."
Exit from the Setup program by pressing the [Esc] key, and when prompted choose the "Save / Exit" option in order to keep the changes.
NOTE: If this is the first time the TPM has ever been used on this computer, you must perform Step 3 below. If the TPM on this system has been used before, you may now skip directly to Step 4. Step 3 must be executed once, and only once, on any given system.
STEP 3: Perform Software Vendor Activation
Boot normally into your Windows operating system.
Launch the Broadcom Secure Foundation™ Platform Initialization wizard by double-clicking on its icon in the system tray on the lower right hand corner of the screen.
The Platform Initialization Wizard will execute a function called "Vendor Activation." Follow the instructions in the dialog box to execute the Vendor Activation step. This operation only occurs once on any given system.
The system will now reboot automatically. Proceed to Step 4.
STEP 4: Activate the TPM
Reboot the computer and enter the system Setup program again by pressing the [F2] key during the Power On Self Test.
In the Setup program, open the "Security" settings category and select the "TPM Activation" menu option.
Set the TPM Activation state to "Activate". Changes to this field take effect immediately.
STEP 5: Initialize the Platform and User
The TPM is now ready to be used. When the operating system reboots, launch the Broadcom Secure Foundation™ Platform Initialization by double-clicking on its icon in the system tray on the lower right hand corner of the screen. This wizard will walk you through the procedure of establishing the TPM Owner and User passwords and credentials.
For more information, please consult the "Broadcom Secure Foundation™ Getting Started Guide" located in the <Start> menu.
CAUTION: BACKUP YOUR TPM CREDENTIALS!
The TPM is designed to provide additional protection for your data by using cryptographic functions. When data is encrypted, it can only be unscrambled using cryptographic keys that are stored inside the TPM. The Broadcom Secure Foundation™ software provides several backup functions that will allow you to create Emergency Recovery files (called the Recovery Archive and Recovery Token) that can be used to restore data in the event of a hardware failure. Be very careful to follow the backup procedures documented in the "Getting Started Guide" to secure these files. If these files are lost or damaged it may be impossible to recover any encrypted data in the event of an emergency.
Dell Trusted Platform with TPM v1.2
Installation and activation of the TPM v1.2 requires several steps which must be performed in the following order.
STEP 1: Install the TPM Software Package
The default location for the installation program is C:\Dell\TPM\Setup.exe
STEP 2: Turn on the TPM
Reboot the computer and enter the system Setup program by pressing the [F2] key during the Power On Self Test.
In the Setup program, open the "Security" settings category and select the "TPM Security" menu option.
Set the TPM Security state to "On."
From the "Security" settings category, select the "TPM Activation" menu option.
Set the TPM Activation state to "Activate".
Press "OK" when promted for "TPM Acknowledgement". (Changes to this field take effect immediately.)
Exit from the Setup program by pressing the [Esc] key, when prompted make sure to choose the "Save / Exit" option in order to keep the changes.
STEP 3: Initialize the Platform and User
The TPM is now ready to be used. When the operating system reboots, launch the Wave Systems Corp EMBASSY Security Center™ by double-clicking on the desktop icon.
Select the "Owner" tab.
Click on the "Establish" button to take ownership and create the TPM owner password.
Select the "User" tab.
Click on the "Initialize" button to enroll the current user account with the EMBASSY Security Center.
For more information, please consult the "EMBASSY Security Center Help" file located in the <Start> menu.
CAUTION: BACKUP YOUR TPM CREDENTIALS!
The TPM is designed to provide additional protection for your data by using cryptographic functions. When data is encrypted, it can only be unscrambled using cryptographic keys that are stored inside the TPM. The Wave Systems Corp EMBASSY Security Center software provides several backup functions that will allow you to create Emergency Recovery files that can be used to restore data in the event of a hardware failure. Be very careful to follow the backup procedures documented in the "Key Manager" section of the EMBASSY Security Center Help document to secure the recovery files. If the recovery files are lost or damaged it may be impossible to recover any encrypted data in the event of an emergency.
--------------------------------------------------------------------------------
Wave Systems provides this information as a courtesy to Dell trusted platform owners. We strongly suggest that you also refer to the manufacturer's documentation included with your Dell PC for specific instructions and answers to questions about the TPM activation procedure.
For more information on Dell security solutions contact your Dell sales representative. You may also email us at securesolutions@wavesys.com or call us at (877) 228-WAVE.
Okpnv- Not sure about the bundle. The Optiplex is listed on Tony's matrix. I am also wondering about the professional services and gold support provided by Dell. Wave did provide training to Dell? I am trying to find enough pieces to put something together... posting here is (for me) always a good place to start. I'll post what I find.
-R
Dell news- interesting.
-R
Royal Resorts Selects Dell to Centralize IT Infrastructure; Company Standardizes on Dell Servers, Storage, Desktops to Increase Efficiency and Customer Service
Business Wire - July 26, 2005 12:00
MEXICO CITY, Jul 26, 2005 (BUSINESS WIRE) -- Dell (NASDAQ:DELL) was selected by Royal Resorts, a vacation club ownership resort, as its technology partner to centralize its global IT operations and implement the latest technologies to provide faster, more reliable service to its members.
Royal Resorts has implemented Dell PowerEdge servers, a Dell/EMC storage area network (SAN), PowerVault network attached storage (NAS) and Tape Library products, OptiPlex desktops and services as part of this initiative, to achieve better flexibility and security capabilities from standardized technology.
The data centralization project was driven from the need to consolidate and centralize the IT infrastructure that supports its resorts throughout Mexico and the Caribbean. By updating its systems and selecting Dell as its corporate standard, Royal Resorts built a more efficient and secure network.
Following a comprehensive analysis of technology providers, Royal Resorts selected Dell based on its previous experience, the company's quality of service and best-value proposition:
"To be competitive in the hospitality industry, we must deploy technology that enables us to differentiate and constantly improve our level of service, while remaining cost-competitive -- from tracking members' vacation ownership contracts and reservations to maintaining precise accounting information," said Ed Klein, CIO, Royal Resorts. "Standardizing on Dell products has enabled us to improve the speed and accuracy of maintaining the information required to provide the greatest level of service to our members and guests. In addition, this partnership has helped us make dramatic improvements to our data integration, business intelligence and back-office systems."
Royal Resorts has implemented Dell PowerEdge 1850, 2850 and 6650 servers running Microsoft Server 2003, a 2.3 terabyte Dell/EMC CX300 SAN, Power Vault 775 and 132T OptiPlex GX280 desktops, and UltraSharp LCD monitors to for an end-to-end standards-based infrastructure.
To reduce costs through improved management and increase productivity through ease of use, Royal Resorts implemented Active Directory on the enterprise systems as well as Microsoft Exchange 2003, an updated Microsoft Cluster SQL database platform and a Veritas Backup solution. The Dell-based network allows Royal Resorts to quickly process business transactions, maintain accounting and tax data, and ultimately, to provide better service to its more than 60,000 members.
In addition to standardizing on Dell products, the company selected several Dell services, including Professional Services and Gold Support. Royal Resorts and Dell Professional Services worked together to design a scalable and robust architecture that included detailed design documentation, a comprehensive validation strategy and a mature deployment plan. Dell Professional Services successfully managed the entire server and network implementation and migration, in addition to training the IT staff. Royal Resorts also selected Dell Gold Support to provide 24x7 technical assistance for all of its servers and desktops.
"Standards-based technology is being deployed more and more for business-critical enterprise platforms in leading companies like Royal Resorts," said Jose Luis Garcia, Dell Mexico general manager. "These customers recognize that standardized technologies enable them to be cost and performance competitive for their customers, and Dell is committed to delivering the highest-quality systems and services to meet these business goals."
About Royal Resorts
Founded in 1975 in Cancun, Royal Resorts is a pioneer in Mexican tourism and the international vacation ownership industry. The company has grown with Cancun, the country's first and most successful master-planned destination. It opened its first resort in 1978 and now has five beachfront resorts with five-star ratings. Furthermore, Royal Resorts is one of the city's three largest employers and has a workforce currently standing at 2,408 employees.
Royal Resorts recently expanded its resort operations to the area south of Cancun known as the Riviera Maya. Construction work is underway at The Royal Haciendas Resort in Moxche Beach & Golf Village and the first 55 vacation villas will be ready for occupation in the summer of 2006.
The company also manages El Castellano Hotel in Merida, Yucatan, Mexico, The Sea Aquarium Resort on the island of Curacao, and the Pelican Resort Club on St. Maarten, Netherlands Antilles.
Royal Resorts has over 75,000 members from 51 countries and independent surveys report a 98 percent member satisfaction rate, one of the highest ratings received in the vacation ownership industry worldwide. It has received numerous accolades including the coveted Five Star Award, given by Interval International (www.intervalworld.com) every year since the award's inception in 1984.
About Dell
Dell Inc. (NASDAQ:DELL) is a trusted and diversified information-technology supplier and partner, and sells a comprehensive portfolio of products and services directly to customers worldwide. Dell, recognized by Fortune magazine as America's most admired company and No. 3 globally, designs, builds and delivers innovative, tailored systems that provide customers with exceptional value. Company revenue for the past four quarters was $51.1 billion. For more information about Dell and its products and services, visit www.dell.com.
Dell is a trademark of Dell Inc.
Dell disclaims any proprietary interest in the marks and names of others.
SOURCE: Dell Inc.
Dell Inc., Round Rock
Media Contact:
Wendy Giever, 512-728-6442
Wendy_giever@dell.com
Copyright Business Wire 2005
MyMoney- where did this come from and when?
Snackman- Very nice. I've had the board info hidden for so long I forgot it was there... thanks o and barge.
As an aside: I was on vaca last week and expected to return to a post PP pity party. Wow! (I had placed a number of limit sell orders from 1.92 to 20... thank goodness I made it back in time to cancel them.)
-R
I knew my previous post would get things moving:)
Looks like somebody went to lunch and wanted to make sure things didn't get away from them... pretty tight cap.
Folks- TC is most certainly gaining awarness. Below is a list of articles from IEEE pubs that I just ran (on "trusted computing"). I especially like #14 (and the most recent article).
The train is moving. It's up to Wave to make sure they're on board (if not driving the train.)
-R
Journals & Magazines
Conference Proceedings
Standards
Advanced
Author
CrossRef
Session History
Overview
Information About Content
Tools
For Librarians
For IEEE Members
For Authors
Technical Support
Frequently Asked Questions (FAQs)
Feedback
IEEE Xplore Demo
Accessibility
Home / Login / Logout / Access Information / Alerts / Sitemap / Help
Welcome IUPUI
Search Results
BROWSE SEARCH IEEE XPLORE GUIDE SUPPORT
Results for "((trusted computing)<in>metadata)"
Your search matched 53 of 1193303 documents.
A maximum of 100 results are displayed, 25 to a page, sorted by Relevance in Descending order.
Modify Search
Check to search only within this results set
Display Format: Citation Citation & Abstract
Select Article Information View: 1-25 / 26-50 / 51-53
1. How trustworthy is trusted computing?
Vaughan-Nichols, S.J.;
Computer
Volume 36, Issue 3, March 2003 Page(s):18 - 20
Summary: One of the biggest issues facing computer technology today is data security. The problem has gotten worse because users are working with sensitive information more often, while the number of threats is growing and hackers are developing new types of .....
AbstractPlus / Full Text: PDF(289 KB) IEEE JNL
2. The Trusted Computing Exemplar project
Irvine, C.E.; Levin, T.E.; Nguyen, T.D.; Dinolt, G.W.;
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
10-11 June 2004 Page(s):109 - 115
Summary: We describe the Trusted Computing Exemplar project, which is producing an openly distributed worked example of how high assurance trusted computing components can be built. The TCX project encompasses four related activities: creation of a prototype .....
Abstract / Full Text: PDF(1155 KB) IEEE CNF
3. Does trusted computing remedy computer security problems?
Oppliger, R.; Rytz, R.;
Security & Privacy Magazine, IEEE
Volume 3, Issue 2, March-April 2005 Page(s):16 - 19
Summary: The authors examine whether trusted computing is likely to remedy the relevant security problems in PCs. They argue that although trusted computing has some merits, it neither provides a complete remedy nor is it likely to prevail in the PC mass mark.....
AbstractPlus / Full Text: PDF(176 KB) IEEE JNL
4. Privacy and trusted computing
Reid, J.; Nieto, J.M.G.; Dawson, E.; Okamoto, E.;
Database and Expert Systems Applications, 2003. Proceedings. 14th International Workshop on
1-5 Sept. 2003 Page(s):383 - 388
Summary: This paper examines a model of trusted computing wherein a computing platform is able to make assertions about its current software configuration that may be trusted by the user and remote third parties. The privacy implications of this approach are .....
Abstract / Full Text: PDF(254 KB) IEEE CNF
5. Protecting client privacy with trusted computing at the server
Iliev, A.; Smith, S.W.;
Security & Privacy Magazine, IEEE
Volume 3, Issue 2, March-April 2005 Page(s):20 - 28
Summary: Current trusted-computing initiatives usually involve large organizations putting physically secure hardware on user machines, potentially violating user privacy. Yet, it's possible to exploit robust server-side secure hardware to enhance user privac.....
AbstractPlus / Full Text: PDF(256 KB) IEEE JNL
6. The technical and legal dangers of code-based fair use enforcement
ERICKSON, J.S.; MULLIGAN, D.K.;
Proceedings of the IEEE
Volume 92, Issue 6, June 2004 Page(s):985 - 996
Summary: Digital rights management (DRM) mechanisms, built upon trusted computing platforms, promise to give content providers the ability to impose rules reliably and deterministically on end-user experiences with information resources ranging from literary .....
Abstract / Full Text: PDF(344 KB) / Full Text: HTML IEEE JNL
7. Understanding trusted computing: will its benefits outweigh its drawbacks?
Felten, E.W.;
Security & Privacy Magazine, IEEE
Volume 1, Issue 3, May-June 2003 Page(s):60 - 62
Summary: The Trusted Computing Platform Architecture (TCPA) and the Microsoft's Palladium have similar (though not identical) architectures and similar goals. Both systems are part of a more general approach called trusted computing (TC). In this article the .....
AbstractPlus / Full Text: PDF(238 KB) IEEE JNL
8. Retrofitting and developing applications for a trusted computing base
Gambel, D.; Walter, S.;
Aerospace Computer Security Applications Conference, 1988., Fourth
12-16 Dec. 1988 Page(s):212 - 215
Summary: The authors discuss the concept of a software analysis procedure to aid in the conversion of existing applications and in the development of applications for use with a trusted computing base (TCB). In this procedure, the system processes are broken .....
Abstract / Full Text: PDF(292 KB) IEEE CNF
9. Protecting mobile Web-commerce agents with smartcards
Funfrocken, S.;
Agent Systems and Applications, 1999 and Third International Symposium on Mobile Agents. Proceedings. First International Symposium on
3-6 Oct. 1999 Page(s):90 - 102
Summary: Mobile agents add a new communication paradigm to traditional network communication mechanisms. So far, the pervasiveness of publicly available mobile agent platforms is not given. Offering a seamless integration of mobile agents into the widespread .....
Abstract / Full Text: PDF(104 KB) IEEE CNF
10. Design of LDV: a multilevel secure relational database management system
Stachour, P.D.; Thuraisingham, B.;
Knowledge and Data Engineering, IEEE Transactions on
Volume 2, Issue 2, June 1990 Page(s):190 - 209
Summary: The authors describe the design of a secure database system,LDV (Lock Data Views), that builds upon the classical security policies for operating systems. LDV is hosted on the LOgical Coprocessing Kernel (LOCK) Trusted Computing Base (TCB). LDVs secu.....
Abstract / Full Text: PDF(1968 KB) IEEE JNL
11. The long march to interoperable digital rights management
KOENEN, R.H.; LACY, J.; MACKAY, M.; MITCHELL, S.;
Proceedings of the IEEE
Volume 92, Issue 6, June 2004 Page(s):883 - 897
Summary: This paper discusses interoperability of digital rights management (DRM) systems. We start by describing a basic reference model for DRM. The cause of interoperability is served by understanding and circumscribing what DRM is "in the whole." Then we .....
Abstract / Full Text: PDF(376 KB) / Full Text: HTML IEEE JNL
12. Improving the TCPA specification
Arbaugh, B.;
Computer
Volume 35, Issue 8, Aug. 2002 Page(s):77 - 79
Summary: The Trusted Computing Platform Alliance (TCPA) specification is a new computing platform for the next century that will provide for improved trust in the PC platform. Improving information security is an important and timely goal, but not at the cost.....
AbstractPlus / Full Text: PDF(234 KB) IEEE JNL
13. Conditional access in mobile systems: securing the application
Gallery, E.; Tomlinson, A.;
Distributed Frameworks for Multimedia Applications, 2005. DFMA '05. First International Conference on
6-9 Feb. 2005 Page(s):190 - 197
Summary: This paper describes two protocols for the secure download of content protection software to mobile devices. The protocols apply concepts from trusted computing to demonstrate that a platform is in a sufficiently trustworthy state before any applicat.....
Abstract / Full Text: PDF(208 KB) IEEE CNF
14. How Trusted Computers can Enhance for Privacy Preserving Mobile Applications
Pearson, S.;
World of Wireless Mobile and Multimedia Networks, 2005. WoWMoM 2005. Sixth IEEE International Symposium on a
13-16 June 2005 Page(s):609 - 613
Summary: Trusted computing is designed to be a cheap, exportable and ubiquitous way of improving the security of personal, corporate and government data. This paper gives an introduction to how trusted computing can be relevant to mobile and pervasive computi.....
Abstract / Full Text: PDF(120 KB) IEEE CNF
15. Grey level modification steganography for secret communication
Potdar, V.M.; Chang, E.;
Industrial Informatics, 2004. INDIN '04. 2004 2nd IEEE International Conference on
24-26 June 2004 Page(s):223 - 228
Summary: Security, privacy, anti-virus, trusted computing, intrusion detection and information protection are major concerns in today's industrial informatics. They are regarded as critical components for industrial based IT solutions (Zincheng, N et al.,2003.....
Abstract / Full Text: PDF(639 KB) IEEE CNF
16. ASDViews [relational databases]
Garvey, C.; Wu, A.;
Security and Privacy, 1988. Proceedings., 1988 IEEE Symposium on
18-21 April 1988 Page(s):85 - 95
Summary: A description is given of ASDViews, an implementation of views as the security object in a multilevel secure relational database management system (DBMS) that results in a small trusted computing base (TCB) as required to meet the criteria for evalua.....
Abstract / Full Text: PDF(708 KB) IEEE CNF
17. A near-term design for the SeaView multilevel database system
Lunt, T.F.; Schell, R.R.; Shockley, W.R.; Heckman, M.; Warren, D.;
Security and Privacy, 1988. Proceedings., 1988 IEEE Symposium on
18-21 April 1988 Page(s):234 - 244
Summary: The SeaView formal security policy model admits a range of designs for a multilevel secure relational database system. The requirement for a near-term implementation suggests that the design should utilize existing technology to the extent possible. .....
Abstract / Full Text: PDF(944 KB) IEEE CNF
18. A multi-level secure message switch with minimal TCB: architectural outline and security analysis
Lipper, E.H.; Melamed, B.; Morris, R.J.T.; Zave, P.;
Aerospace Computer Security Applications Conference, 1988., Fourth
12-16 Dec. 1988 Page(s):242 - 249
Summary: The authors describe an architectural outline for a generic secure message switch. They highlight key security issues germane to the structure and functionality of a switch for routing messages of multiple sensitivity levels over communication media .....
Abstract / Full Text: PDF(624 KB) IEEE CNF
19. Structuring trust in a large general purpose operating system
Parker, T.A.;
Aerospace Computer Security Applications Conference, 1988., Fourth
12-16 Dec. 1988 Page(s):152 - 158
Summary: A description is given of the approach taken by ICL to ameliorate the problem of evaluating the security of a large operating system in which the number of TCB (trusted computing base) and trusted process code procedures is large enough to make exhau.....
Abstract / Full Text: PDF(552 KB) IEEE CNF
20. TCB subsets: the next step
Vetter, L.; Smith, G.; Lunt, T.F.;
Computer Security Applications Conference, 1989., Fifth Annual
4-8 Dec. 1989 Page(s):216 - 221
Summary: The advantages of TCB (trusted computing base) subsetting for building multilevel database systems are discussed, and the architectural impact on the database system when the TCB subsetting approach is used in a real implementation is described. Part.....
Abstract / Full Text: PDF(356 KB) IEEE CNF
21. TCB subset architecture
Vetter, L.L.;
Computer Security Applications Conference, 1989., Fifth Annual
4-8 Dec. 1989 Page(s):107
Summary: The advantages of using TCB (trusted computing base) subset architecture in designing secure RDBMS (relational database management system) products are described. These advantages include ease of evaluation, portability, full operating system feature.....
Abstract / Full Text: PDF(52 KB) IEEE CNF
22. Considerations on TCB subsetting
Winkler-Parenty, H.B.;
Computer Security Applications Conference, 1989., Fifth Annual
4-8 Dec. 1989 Page(s):105 - 106
Summary: The hierarchical trusted computing base (TCB) subsetting architecture, which is intended to allow database management systems (DBMSs) to take advantage of the effort expended in producing and evaluating trusted multilevel operating systems, is discus.....
Abstract / Full Text: PDF(116 KB) IEEE CNF
23. Does TCB subsetting enhance trust?
Feiertag, R.J.;
Computer Security Applications Conference, 1989., Fifth Annual
4-8 Dec. 1989 Page(s):104
Summary: Trusted computing base (TCB) subsetting consists of subdividing a large TCB into smaller separate TCBs, each of which can be separately designed, implemented, and analyzed. The idea of TCB subsetting is attractive because it can simplify the difficul.....
Abstract / Full Text: PDF(60 KB) IEEE CNF
24. Challenges of tomorrow-the future of secure avionics
Swangim, J.; Strauss, J.L.; Kolkmeier, T.J.; Acevedo, T.; Friedman, A.;
Aerospace and Electronics Conference, 1989. NAECON 1989., Proceedings of the IEEE 1989 National
22-26 May 1989 Page(s):580 - 586 vol.2
Summary: The authors identify INFOSEC (information security) challenges specific to advanced avionics in military systems and present a methodology for addressing these challenges. This methodology is based on a system engineering approach to integration of s.....
Abstract / Full Text: PDF(648 KB) IEEE CNF
25. A security policy for an A1 DBMS (a trusted subject)
Wilson, J.;
Security and Privacy, 1989. Proceedings., 1989 IEEE Symposium on
1-3 May 1989 Page(s):116 - 125
Summary: A security policy for a multilevel secure relational database management system (DBMS) is stated. The DBMS is implemented as a trusted subject that can be hosted on any of a variety of secure operating systems. Accordingly, the policy is stated in tw.....
Abstract / Full Text: PDF(688 KB) IEEE CNF
View: 1-25 / 26-50 / 51-53
» View Session History
» New Search
» Key
Indicates full text access
IEEE JNL IEEE Journal or Magazine
IEE JNL IEE Journal or Magazine
IEEE CNF IEEE Conference Proceeding
IEE CNF IEE Conference Proceeding
IEEE STD IEEE Standard
Help Contact Us Privacy & Security IEEE.org
© Copyright 2005 IEEE – All Rights Reserved
I can say with great certitude that the PP will take place sometime next week. I will be on vacation and my wife insists that I "get away".
Of course, I can say that the moon is made of green cheese... does it make it so?
I expect I'll be on the beach dreaming of what I might return to. (Maybe I'll be able to sneak a peak at a paper, too.)
-R
Barge- Yup. eom
I'm resigned to the likelyhood that nothing but real numbers (perhaps not even from Dutton) will significantly move the SP. When the PP comes the SP will probably still take a hit (hopefully from above a buck though). I do, however, subscribe to the camp that says that it's here. I've made some good trades the last week and plan to keep some dry powder for when (if) the PP comes... Heck, maybe we could meet in Vegas before Christmas (or RamaHanaKwansMas if one so desires).
Life is good and getting better.
-R
No DD: Has Sisyphus finally been freed from rolling his rock?
Honestly, I feel like Wave has been my rock to roll. Has the rock finally made it to the top? (perhaps Dell was the crest and now STM is the other side of the hill!)
-R
The PR popped up in my streaming news at Ameritrade APEX.
-R
STMicroelectronics Enters Volume Production of Trusted Computing Solution and Delivers More Than One Million Chips to Motherboard Manufacturers
PR Newswire - July 11, 2005 09:12
ST leads the Trusted Platform market with TCG 1.2 device for personal computer security
GENEVA, July 11, 2005 /PRNewswire-FirstCall via COMTEX/ -- STMicroelectronics (NYSE: STM) today announced volume production of the ST19WP18 Trusted Platform Module (TPM), and
...
OT: Dell Launches Lifecycle Services for Small Businesses; Offerings Address Small-Business Needs Including Mobility, Security and Asset Management
http://www.amtdrt.inlumen.com/bin/story?StoryId=CqThUWbKbmtKYyJu3otq
Dell Launches Lifecycle Services for Small Businesses; Offerings Address Small-Business Needs Including Mobility, Security and Asset Management
Business Wire - July 11, 2005 08:00
ROUND ROCK, Texas, Jul 11, 2005 (BUSINESS WIRE) -- Dell (NASDAQ: DELL) today announced the availability of select services designed to make the installation, support and recovery of technology equipment easier, quicker and more efficient for small business customers.
The offerings reflect the challenges small-business customers face when planning, implementing and maintaining a networked environment and recycling older systems. One service announced today supports the new PowerEdge(TM) SC430, one of the first servers to feature Intel's new dual-core processor technology specifically suited for small business customers.
Dell's Custom Network Installation Assessment service helps customers build out their network infrastructure including server and storage installation and maintenance. It also helps customers implement capabilities for their desktop and notebook environment including wireless networks, remote access and data back-up and helps customers make those environments more secure including hardware and software firewalls, antivirus and spyware protection. Once the strategy is in place, Dell can install customers' hardware and software with its small business customer installation services. Prices for Custom Network Installation Assessments begin at $279.
"We're seeing more and more small businesses realize the full value of Dell as they combine products and services to build out their technology infrastructure," said Frank Muehleman, vice president of Dell's small and medium business segment. "Dell is dedicated to developing offerings that are most relevant to meet the needs of small business customers and help them grow quickly and efficiently."
Cowan DiGiacomo & Associates, LLC, a growing New Jersey-based accounting firm, needed a new network infrastructure that would help them take advantage of the latest computing technology. "Based on a thorough assessment of our needs and a true understanding of where we are going as a company, Dell Services created a new infrastructure that has given us a fast and secure connection to the Internet, increased mobility for our employees, and created a reliable system for storing and backing up our valuable business data," said Christopher DiGiacomo, CEO of the firm. "This tailored approach will help us grow and enable us to serve our customers in the best way possible."
Small business customers who purchase Dell's advanced Tech Support can receive a greater level of support, quicker response time and resolution. Generally, small businesses purchasing Dell's advanced tech support can have their calls answered within minutes by advanced technicians.
Customers who recycle with Dell can receive a certificate of disposal that verifies that recycling was done in a manner designed to meet EPA guidelines. Customers can also donate their systems through a partnership with The National Cristina Foundation.
For more information on the Custom Network Installation Assessment visit www.dell.com/assessment. For more small business service offerings visit www.dell.com/solutionsteam.
About Dell
Dell Inc. (NASDAQ: DELL) is a trusted and diversified information-technology supplier and partner, and sells a comprehensive portfolio of products and services directly to customers worldwide. Dell, recognized by Fortune magazine as America's most admired company and No. 3 globally, designs, builds and delivers innovative, tailored systems that provide customers with exceptional value. Company revenue for the past four quarters was $51.1 billion. For more information about Dell and its products and services, visit www.dell.com.
Dell is a trademark of Dell Inc.
Dell disclaims any proprietary interest in the marks and names of others.
SOURCE: Dell Inc.
Dell Inc., Round Rock
Bob Kaufman, 512-723-5494
bob_kaufman@dell.com
or
Roe Thiessen, 512-725-1405
roe_thiessen@dell.com
Copyright Business Wire 2005
Sounds like this one.
http://www.investorshub.com/boards/read_msg.asp?message_id=6819567
OT- see my bolded. -R
http://www.amtddj.inlumen.com/bin/djstory?StoryId=CqS36qaebqLqWmdqYodu
07-08-05 1128ET
Copyright (c) 2005 Dow Jones & Company, Inc.
=DJ Altiris Down; Cuts Guidance, Sees Uncertainty Ahead
By Deborah Finestone
Of DOW JOENS NEWSWIRES
NEW YORK (Dow Jones)--Shares of Altiris Inc. (ATRS) fell 13.5% Friday to a two-year low after the enterprise software company lowered its second-quarter guidance and said a slowdown in large sales and changes with a primary customer would hamper growth for the rest of the year.
"Most concerning of all is management's comments on competitive pressures, pricing pressures, and its lowered outlook for the year," Think Equity analyst Peter Coleman wrote in a research note. "We are pleased to hear that management is lowering its outlook and planning a restructuring to lower its expenses."
Altiris said its performance through its original-equipment-manufacturer partner Hewlett-Packard Co. (HPQ) was below expectations due to several larger transactions that were pushed to future periods.
The company expects H-P to represent about 20% of revenue in the second quarter, for which it will report results in early August, down from 31% in the prior quarter.
"We have a strong installed base, an active pipeline of opportunities through H-P, and do not believe that our relationship with H-P is going away," Chief Executive Greg Butterfield said on a conference call Thursday, according to a transcript provided by Thomson StreetEvents.
Future sales through H-P are also likely to slow due to a change in incentives for H-P's salesforce, he said.
However, sales to Altiris' other primary customer, Dell Inc. (DELL) are expected to increase to 28% of revenue from 18% in the first quarter, Butterfield said.
Butterfield said the company is planning for 10% to 15% revenue growth in 2005. On the call, he also noted the infrastructure management market as a whole may see growth slow to 5% to 6% a year, well below other estimates, noted Jefferies analyst Katherine Egbert, who rates the shares at underperform.
Altiris said it closed a record number of transactions of more than $100,000 in size, but the average size of such transactions declined dramatically, as customers scrutinized major infrastructure software purchases more carefully.
Nonetheless, Butterfield said the company remains well-positioned long-term, as customers continue to want its software to reduce the cost and complexity of systems management.
"We expect a more modest contribution from H-P during the second half of 2005, and we anticipate increased competition from other systems management vendors," he said. "Therefore, we are more cautious about our outlook for the remainder of the year.
"We are performing a detailed review of our business operations and intend to take quick and decisive action to more closely align our operating model and go-to-market strategies with near-term revenue opportunities," he said. On the call, he declined to specify if it would cut its staff or where else the company may cut expenses.
"Our main concern is Altiris' ability to grow market share in a market dominated by the major platform vendors," said Coleman, who rates the shares at accumulate. Altiris' competitors include Microsoft Corp. (MSFT), BMC Software Inc. (BMC), Computer Associates International Inc. (CA) and H-P.
Meanwhile, Altiris' March acquisition of Pedestal Software has also not contributed as expected, Butterfield said.
"The bottom line is the sales cycle is longer-than-expected," he said on the call, declining to detail what sales were. "We still believe in the strategic fit of the Pedestal products."
Excluding special items, the software company projects second-quarter earnings of 6 cents to 7 cents a share, lower than its April projection of roughly 20 cents a share.
The latest projection includes a loss of 1 cent for foreign exchange losses, but excludes stock-based compensation, amortization of intangible assets and other items.
Analysts polled by Thomson First Call, on average, currently expect second-quarter earnings of 19 cents a share.
A year ago, the company earned 20 cents a share, excluding items.
Altiris cut its revenue guidance to a range of $45 million to $46 million from a previous range of $50 million to $53 million. Wall Street expects revenue of $51 million, while the company posted revenue of $40 million a year earlier.
ThinkEquity makes a market in shares of Altiris.
The shares recently traded at $12.85, down $2.00, or 13.5%, on volume of 1.8 million shares, about four times its average daily volume. Shares haven't traded in the $12-range since March 2003.
-By Deborah Finestone; Dow Jones Newswires; 201-938-2205
(END) Dow Jones Newswires
07-08-05 1157ET
Copyright (c) 2005 Dow Jones & Company, Inc.
This is good... Thanks khillo. Sorry I snipped but copyright and all.
-R
Trusted Computing
In the past few years, increasing volumes of malicious
software, or malware (such as Trojan horses, computer
viruses, worms, and combinations thereof ), and corresponding
attacks have emerged. The situation is bad
and likely to get worse.
<snip>
In this article, we argue that trusted computing
has its merits but that this technology is unlikely to
be a complete remedy for PC security problems.
Trusted computing basics
The computer industry has accommodated the idea of
trusted computing in various ways. In 1999, Intel, Microsoft,
IBM, Hewlett-Packard, and several other companies
formed the Trusted Computing Group Platform
or TCG (formerly known as the Trusted Computing
Platform Alliance [TCPA]; www.trustedcomputinggroup.
org) to work on creating a new computing platform
for the next century that provides for improved
trust in the PC platform. The TCG published the
Trusted Platform Module (TPM) specification, currently
in version 1.2, and a corresponding protection
profile (PP) for the Common Criteria (CC), which
represents efforts to develop formal criteria for evaluating
its security.5 Based on these specifications, Microsoft
announced in 2002 that it would be incorporating
its TPM implementation, preliminarily named
Palladium, into future versions of its Windows OS.
More recently, MS has started to promote Palladium
under the newly coined title Next-Generation Secure
Computing Base (NGSCB).
<snip>
Yet, it’s
not clear (and probably too early to tell) to what extent
Microsoft and other manufacturers will try to control systems’
hardware and software. In either case, implementing
trusted computing requires a secure and reliable
bootstrap architecture, as other literature has proposed.7
The boot-time process
According to TCG specifications, trusted computing requires
a TPM that acts as a monitoring and reporting component.
(The TPM is sometimes also referred to as the
“Fritz chip” (in honor of Senator Ernest “Fritz” Hollings
[D.- S.C.], who’s trying to make trusted computing
mandatory in all consumer electronics.8) In a first phase of
deployment, the TPM will be a special chip embedded in
a smartcard or dongle that’s soldered to the motherboard.
In a second phase, the TPM will be integrated in the main
processor, offering additional security (because data
shouldn’t be transferred on buses between the TPM and
the CPU). On booting up, the TPM takes charge, checking
that the boot ROM is as expected, then loading and
executing it, and, finally, verifying the system’s state. It then
checks the first part of the operating system, loads and executes
it, and again verifies the system’s state. This procedure
repeats for all relevant software modules that are loaded and
made available to the system at boot time, therewith
steadily expanding the trust boundary (that is, known and
verified hardware and software).
In order to expand the trust boundary, the TCGenabled
system maintains a list of approved hardware and
software components. For each of them, the system
checks whether it’s on the approved list, whether it’s digitally
signed (where applicable), and that its serial number
hasn’t been revoked.
<snip>
There is another reason hardware and software manufacturers
invest time and money developing trusted computing:
digital rights management (DRM). On a trusted
computing platform, the applications and files that users
download, browse, or work with can’t be tampered with.
Consequently, such platforms will make it considerably
harder to run software, download DVDs, or listen to MP3
music files without having properly licensed them. This
fact has given rise to an ongoing controversy on the effects
of DRM on the free-market economy and civil rights.
Clearly, a software-controlled or software-closed system is
a prerequisite to implementing DRM—in the past, all
other approaches failed miserably, including such examples
as copy protection schemes for software, DVDs, and
e-books. If we accept that intellectual property is a good
that deserves legal protection, trusted computing might
provide a technical solution. In this article, however, we
focus on the security issues that trusted computing might
tackle; we’ll leave aside the DRM discussion, which is examined
in more detail elsewhere.8,9
Can trusted computing
solve security problems?
,<snip>
In light of these facts, you might wonder whether
trusted computing can contribute to solving the PC’s
security problems. By design, trusted computing
• can control and selectively execute software on a computer
system—that is, it provides the means to authenticate
and authorize software and verify its authenticity
and integrity before it’s executed; but
• can’t guarantee that software executed on a computer
system is free of programming errors (vulnerabilities) or
malicious pieces of software (Trojan horses) that could
be exploited.
In fact, there are no convincing reasons why we would
expect to see substantially fewer programming errors on
TCG-enabled computing systems. Thus, if executing
nonauthenticated and nonauthorized software poses the
main risk to security, there’s a good chance that trusted
computing could resolve a great deal of it. If, however, a
PC’s security is mainly endangered by programming errors
and corresponding exploits, notably in the operating
system or ubiquitous application software, trusted computing
is much less likely to be efficient at fighting it.
Real-world examples
Let’s look at some recent security-related incidents on
the Internet.
<snip>
In all of these examples (except for the
Sobig.F worm), vulnerabilities were exploited in software
that’s likely to exist and run in any trusted computing
environment. Finding efficient ways of propagation
that would elude detection by the operating system is left
to the programmer’s imagination. Trusted computing
can protect against manual execution of malware, such as
by opening a binary email attachment, or against malicious
code, which must register with the operating system.
It is absolutely powerless, however, if the malware
exploits vulnerabilities, flaws, and bugs in legitimate soft-
18 IEEE SECURITY & PRIVACY ■ MARCH/APRIL 2005
Trusted Computing
ware for its own purposes.
<snip>
We all remember Matt Blaze’s attack against
the Clipper chip (where, in a nutshell, the authentication
code field was too short to protect against an exhaustive
key search),14 or Dan Brumleve’s Brown Orifice demonstration
tool (which exploited a Java security hole in
Netscape’s browser that turned a PC into a server on the
Internet; www.cert.org/advisories/CA-2000-15.html).
Both examples showed that even security technologies
can be designed and implemented with flaws and bugs.
Trusted computing could indeed solve some of the
PC’s security problems, but we’re still far from a radical
remedy—and the additional security will be bought
dearly with a dramatic loss in PCs’ flexibility and versatility.
This will make life harder not only for the user, but for
small software manufacturers and open-source software
developers as well.
Trusted computing in general, and software-closed or
software-controlled systems in particular, should target
specific market segments with stringent security and
reliability requirements and needs. Clearly, many vulnerabilities
will still exist and things will go wrong, but a
computer system that implements trusted computing is
certainly more secure—or can at least be secured more
easily—than one that doesn’t. The level of security, however,
strongly depends on the details of design and implementation
(which are not clear yet for almost all trusted
computing manufacturers). This is particularly true if
considering that large portions of the software running
on these systems will be written in the C programming
language, which is certainly not well designed from a security
viewpoint. Furthermore, experiences with multilevel
security (MLS) and MLS-based computer systems,
with regard to trusted computing’s practicability and
security, haven’t been very promising.
The intrinsic battle between functionality and security
is one of the fundamental issues computer security
professionals must deal with, and this situation is expected
to linger for quite some time. It will be interesting
to see to what extent and for what markets hardware and
software manufacturers will implement trusted computing
and whether they will be successful. We can at least
hope that TCG-enabled computer systems will make it
more difficult for hardware and software manufacturers
to avoid product liability, easing the chance of consumers
winning court cases for losses caused by defective products.
This might make manufacturers try that much
harder to provide quality hardware and software, resulting
in a previously unintended side effect of trusted computing
initiatives.
References
1. S. Staniford, V. Paxson, and N. Weaver, “How to Own
the Internet in Your Spare Time,” Proc. 11th Usenix Security
Symp. (Security 02), Usenix Assoc., 2002, pp.
149–167; www.icir.org/vern/papers/cdc-usenix-sec02/.
2. D. Moore et al., “Inside the Slammer Worm,” IEEE Security
& Privacy, vol. 1, no. 4, 2003, pp. 33–39.
3. F. Cohen, “Computer Viruses—Theory and Experiments,”
Computers & Security, vol. 6, no. 1, 1987, pp. 22–35.
4. R. Shirley, Internet Security Glossary, RFC 2828, May
2000, www.faqs.org/rfcs/rfc2828.html.
5. Trusted Computing Platform Alliance, Trusted Platform
Module Protection Profile, tech report, version 1.9.7., July
2002; www.commoncriteriaportal.org/public/files/
ppfiles/PP_TCPATPMPP_V1.9.7.pdf.
6. P. England et al., “A Trusted Open Platform,” Computer,
vol. 36, no. 7, 2003, pp. 55–62.
7. W.A. Arbaugh, D.J. Farber, and J.M. Smith, “A Secure
and Reliable Bootstrap Architecture,” Proc. IEEE
Symp. Security and Privacy, IEEE CS Press, 1997, pp.
65–71.
8. R. Anderson, Trusted Computing Frequently Asked Questions—
TC/TCG/LaGrande/NGSCB/Longhorn/Palladium/
TCPA, v. 1.1, Aug. 2003, www.cl.cam.ac.uk/
~rja14/tcpa-faq.html.
9. R. Anderson, “Cryptography and Competition Policy—
Issues with ‘Trusted Computing,’” Proc. 22nd ACM
Ann. Symp. Principles of Distributed Computing, ACM Press,
2003, pp. 3–10; www.ftp.cl.cam.ac.uk/ftp/users/rja14/
tcpa.pdf.
10. R. Oppliger, Security Technologies for the World Wide Web,
2nd ed., Artech House, 2003.
11. H.H. Thompson, “Why Security Testing Is Hard,” IEEE
Security & Privacy, vol. 1, no. 4, 2003, pp. 83–86.
12. K. Thompson, “Reflections on Trusting Trust,” Comm.
ACM, vol. 27, no. 8, 1984, pp. 761–763.
13. J. Nazario, Defense and Detection Strategies against Internet
Worms, Artech House, 2003.
14. M. Blaze, “Protocol Failure in the Escrowed Encryption
Standard,” Proc. 2nd ACM Conf. Computer and Comm.
Security, ACM Press, 1994, pp. 59–67.
Rolf Oppliger is a scientific employee at Swiss Federal Strategy
Unit for Information Technology (FSUIT). He also leads eSECURITY
Technologies, teaches at the University of Zurich, and is
the editor of Artech House’s computer security book series.
Oppliger has an MSc and a PhD in computer science from the
University of Berne, and received the venia legendi from the University
of Zurich. He’s a member of the IEEE Computer Society,
the ACM, the International Association for Cryptologic Research,
and the International Federation for Information Processing.
Contact him at rolf.oppliger@isb.admin.ch.
Ruedi Rytz is a scientific employee at FSUIT. His research interests
are computer and network security, information assurance,
and critical information infrastructure protection. Rytz has an
MSc and a PhD in physical chemistry from the University of
Berne. Contact him at ruedi.rytz@isb.admin.ch.
www.computer.org/security/ ■ IEEE SECURITY & PRIVACY 19
A Digital Angel company.
TPM's made television:
Just saw an ad on CNBC touting HP's Protect Tools "not just software but built in hardware technology to..." (roughly quoted). This was for the NX 6110 and was all about its built in security.
Good things are coming for trusted computing. (ergo for Wave?).
-R
Interesting opportunities... If I recall, someone on the board posted an article about CA schools and security recently? Wonder if we had any exposure at the conference (my bolded below).
-R
http://news.moneycentral.msn.com/ticker/article.asp?Feed=BW&Date=20050628&ID=4923400&Sym...
San Diego School District Unites Its 202 Schools With Cisco IP Technology; Significant Cost Savings Expected Over the Next Five YearsadvertisementRelated information E-mail this article Print-friendly versionStocks mentioned in this articleCisco Systems, Inc.(CSCO) Quote, Chart, News
All Business Wire NewsCisco Systems(R) CSCO today announced that San Diego City Schools (SDCS) is deploying a Cisco converged Internet Protocol (IP) network infrastructure in all of its 202 schools and district offices. The Cisco IP-based network is expected to improve SDCS's communication and student achievement by running voice, video and data applications through one centralized network. As a result of this centralization, significant cost savings are expected over the next five years, enabling more efficient delivery of Web-based applications to desktops across the district.
Recent investing newsStocks are on borrowed time Community Bancorp Inc. Joins the New Russell Microcap Index Halal Financial Services Inc - Partner with Michael Gassner, Islamic Finance Consultancy Firm Federal Signal Corporation Announces Establishment of Federal Signal Environmental & Sanitary Vehicle Company, Ltd., Based Near Shanghai, China Morningstar Founder to Buy Two Magazines
SDCS is currently rolling out Cisco IP phones to enable desktop video conferencing for all principals in the district. With this solution, principals may no longer have to travel to a central location for staff development training, saving valuable time and money. The district is also working on making available delivery of its board meetings over their IP Network, and has plans to deliver online professional development videos for teachers and curriculum materials for students. The district hopes to complete installation of the entire IP infrastructure over the next five years.
Today's announcement was made at the National Education Computing Conference (NECC) in Philadelphia, where Cisco (booth #1630) is demonstrating its suite of K-12 networking solutions that help districts achieve educational excellence and administrative efficiency, while reducing costs and increasing school productivity.
"We needed to update multiple data systems in our district. And our infrastructure needed to support those systems," said Michael Casey, executive director of IT for SDCS. "By working with Cisco, San Diego City Schools now has the technological foundation to efficiently organize our data and enhance communications across the district. This gives teachers and administrators more time to focus on our children's education. Cisco is enabling us to successfully incorporate new technologies to modernize our operations while helping to reduce costs."
The district implemented an overhaul of its entire network infrastructure to consolidate the functions of voice, video and data. This included their Wide Area Network (WAN) and Local Area Network (LAN) plus adding advanced technologies such as Cisco's Content Delivery Engines for video distribution. All schools in the district now have access to highly secure IP video distribution. The district has already seen many benefits from its converged IP network, including increased scalability, security and bandwidth savings. Most importantly, the network has helped to streamline communications across the district. Significant cost-savings are also evident, which the district expects to continue receiving during the next five years as it deploys additional Cisco technology currently in testing at its pilot school.
"San Diego City Schools is an excellent example of how Cisco technology enables applications that help districts become more efficient entities," said Charles Fadel, global lead, education for Cisco Systems. "Plus, by converging voice and video communications the district is also able to integrate technology into the curriculum to provide students and teachers with the best learning resources available."
IP-based solutions are among the portfolio of offerings that Cisco is demonstrating this week at NECC to help educators to "create truly connected schools, and be part of a connected community." Cisco will be displaying its education product portfolio including:
-- Cisco Network Solutions for Education
-- Cisco Direct Line Solution for K-12
-- Cisco IP Video Conferencing Solution for K-12
-- CiscoSecure Wireless Solution for K-12
-- Cisco Networking Academy
The entire suite of Cisco's K-12 solutions, programs and resources are now available. More information on Cisco's Education Solutions can be found at www.cisco.com/en/US/strategy/education/index.html.
About Cisco Systems
Cisco Systems, Inc. CSCO, the worldwide leader in networking for the Internet, celebrates 20 years of commitment to technology innovation, industry leadership and corporate social responsibility. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com. Cisco equipment in Europe is supplied by Cisco Systems International BV, a wholly owned subsidiary of Cisco Systems, Inc.
Cisco, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.
Contact Information: Cisco Systems, Inc. Linda Horiuchi, 408-853-5464 (Media Relations) lhoriuch@cisco.com Ward Wrzenski, 617-589-4303 (Industry Analyst Relations) wwrzensk@cisco.com Liz Lemon, 408-527-8452 (Investor Relations) lemon@cisco.com
© 2005 BusinessWire
quite a gap on bid/ask. Hope it breaks up.
-R
It is not just the size of US Government opportunity. Many overseas standards are on or just over the horizon. I've been a bit bored with the vitriol and ad hominem of the board over the last couple of months but feel it may be a positive sign (Ok- I'm way over-thinking.) 10Q will point to the future one way or the other. IMO Wave will make it or break it in the government and enterprise space. Growth potential will then be seen next the international governmental and enterprise spaces FOLLOWED by the consumer space. Of course, all just in MMHAIIO (<-My Most Humble And Ill Informed Opinion).
http://www.investorshub.com/boards/read_msg.asp?message_id=5380899
Still here,
-R
Sorry if already posted.
http://software.silicon.com/applications/0,39024653,39130906,00.htm
Quocirca's Straight Talking: Does DRM make sense for business?
June 02 2005
by Quocirca
It could alleviate compliance headaches...
While digital rights management has sparked plenty of controversy in the consumer realm, Quocirca's Jon Collins sees how the technology could be practical for enterprises looking to enforce their data policies.
E-mail to a friend
Printer friendly
Reader Comments
Post your comment here
The interest in digital rights management (DRM) technology in the workplace seems to be mounting, with products from companies such as Adobe and Microsoft putting their marketing muscle behind the technology.
Is there really anything to this or is it just a way of extending already-bloated tools to add some justification to the idea of an upgrade?
First it's worth distinguishing corporate DRM from consumer DRM, which sets controls on how music, video and games can be accessed and distributed. While the underlying technologies (encryption, identity management and so on) may be shared, corporate DRM differs in that it is more about setting controls on documents and other files to ensure they are read, stored, printed, forwarded and otherwise used in an agreed manner. For example, with corporate DRM, if a corporate standards document was flagged as 'company internal only', an email tool would reject attempts to send it outside the company, inadvertently or otherwise. It is this corporate flavour I'm talking about.
At first glance DRM does look opportunistic, in that there is little left for purveyors of unstructured information (or documents, as you and I call them) to add to their tools. Platforms such as Microsoft Exchange and Lotus Notes already have capabilities beyond the ken of most companies to exploit them. Simple features such as shared folders as well as more advanced workflow capabilities lie largely idle as most people use only a small subset of such capabilities.
In the shape of encryption, basic rights protection has been around for years. Most email clients offer the possibility of encrypting or digitally signing an email but it is a rare message indeed that features such marks. There are a number of reasons why not, not least that individuals don't even know the features are there. Once they do, they have to have sufficient reason to use them, as well as the knowledge that the person at the other end will know what to do with the result.
A similar criticism could be levelled at DRM were it considered only as a tool for individuals. As a corporate tool to be used across a standardised infrastructure, however, we have a different picture.
Companies are looking at DRM as an enforcement mechanism for corporate standards, not just for their own sake but in order to demonstrate compliance with external regulations. Within the corporate environment, DRM becomes an enabler of new mechanisms. It enables traceability - knowing who has seen what - and therefore affords better control over the document production process. It offers facilities such as time limits on documents, ensuring the expiry of guidelines or allowing a certain number of accesses, entering into the realms of more consumer-oriented DRM.
There are several processes that have been considered outside the remit of corporate IT - for example, the electronic distribution of payslips or other personal information. Mechanisms such as these enable a fairly high level of trust to be built into the system and therefore give it wider scope inside the boundaries of the corporation. In future there may be a wider scope for DRM, including managing supplier and customer information, purchasing orders, preparing invoices and the like. But for now dealing with internal needs is enough. Indeed, if we can't get this bit right, there is little chance of achieving it with those outside the periphery.
A company wanting to implement DRM needs to take certain prerequisites into account. First, while there are DRM software companies such as SealedMedia and Authentica whose products can deal with a variety of document formats, it is preferable to have a standardised software environment in place to minimise the operational overhead. Second, you will need to understand what the current policy drivers are for documents within the company. For example, organisations with an up-to-date quality plan may already have defined several categories of documents and a policy for which employees can access them. DRM is about process as much as it is about technology, so it is important to ensure the correct mechanisms and policies are in place to support the DRM applications.
With these criteria in mind, the Adobe and Microsoft solutions each have their strengths and weaknesses. Microsoft's offering has the 'seamless integration' advantage - perhaps the phrase should be taken with a pinch of salt but from a usability standpoint it is no doubt beneficial to have the DRM facilities available from within the Office toolset.
Adobe's path starts where Office leaves off, acting as an electronic version of a printer that can transport formatted copy as needed - even onto mobile devices. Adobe has the advantage for certain purposes in that the PDF format is recognised as a legal document, a point which Microsoft is no doubt keen to address.
In helping to reduce risks, DRM can be seen as a component of a company's security environment. It should only ever be seen as a partial security mechanism, however. It can enforce policy such that an individual is aware when he is doing something he shouldn't but it cannot prevent absolutely documents from being copied.
There is a definite need for corporate DRM, and it is good to see the major software vendors stepping up to the plate. Just don't expect it all to happen automatically.