News Focus

awk


Re: cricketcricket post# 818

Sunday, 07/27/2003 10:03:32 AM


Post# of 252515
Eamonnshute: Professor Bill Caelli visited digitalidworld.com

One may, of course, not be in agreement with Prof. Caelli; the fact is that he appears to point out exactly where Wave Systems' role in the TCG comes into the equation...


http://www.digitalidworld.com/modules.php?op=modload&name=News&file=article&sid=74&m....

Identity / Authenticity and Palladium

1. Basic computer security understanding has been around for a long time (see: the MULTICS security work of the 1970s which led to the security architecture in the current Intel CPU chips themselves, the Bell-LaPadula model for privacy, etc.) and has been widely understood for quite a while. There are quite a few topics that just seem to be missing in the overall technical discussion with Microsoft over its Palladium.

2. User identity and associated verification does not need motherboard / CPU chip mods. As Germany has shown, a USB connected "PINPad" unit with full crypto facilities, smart card reader/writer, LCD display and integrated keyboard provides a trusted add-on environment capable of providing all the facilities needed for secure e-commerce. We are all used to seeing just that at our local Wal-Mart ATM card / EFTPOS unit attached to the cash register and widely accepted by the banking and finance industry. So, why has Microsoft bothered with such an expensive approach to an already solved problem? The only new problem Palladium seems to try to solve is Digital Rights Management at the actual PC/workstation level itself - not any user identity or allied e-commerce security requirement.

3. Trusted Systems: The interview with Microsoft just failed to ask the right questions. Let's look why. The Intel Pentium chip inherits all the MULTICS based security architecture that started with the excellent Intel iAPX-286 chip (PC-AT) with its a. 4-security-ring structure, b. its segmented memory structure and c. its separation of data and code through the Intel CSEG, DSEG, SSEG structures. BUT - Microsoft's Windows neglects all this and uses a simple "flat memory model". No need! The structure is there now - just get Microsoft to turn it on PROPERLY - imagine, no more buffer overflow problems as a stack segment overflow is detected by hardware - yes - now! In other words, just turn the Intel iAPX-86 security architecture ON, not OFF.

4. Now - one question that was not asked is the simple one. Verification of the source of a program through digital signature verification says nothing about its reliability or security "awareness". Limitation of any bad effects of such programs can only occur in a computer operating system that approaches the early "B2" definitions of the "Orange Book" of the 1980s. In addition, verifying a digital signature requires access to the associated public key - either directly (trusted directory) or via some certificate structure. All this still means that the public key has to be obtained dynamically, meaning a non-scalable PKI structure, or installed at manufacture time. The latter would be simple but make the worst fears of anyone come true - the public keys under the control of the OS or CPU/motherboard manufacturer. Did digitalidworld ask Microsoft how they saw the public key file being installed and maintained? A ROM of Verisign certificate authority public keys? Good heavens, I hope not.

The questions just continue - but we have no real indication of just what the basic structures are to be. Will Intel/AMD change the structure of the Itanium/Pentium itself and, if so, how? Will the segmentation architecture of Intel be changed or even removed? The questions are myriad.

regards,
Prof Bill Caelli
Queensland University of Technology
Brisbane,
Australia

w.caelli@qut.edu.au
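
The segment type and limit checks that point 3 of the letter refers to, as an added example that is not part of the original post or letter. It is a simplified C model of byte-granular, expand-up segments; the struct, function names and sample layouts are assumptions constructed here.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a protected-mode segment (byte-granular, expand-up).
   Names and layout are assumptions for illustration, not a real descriptor. */
enum seg_kind { SEG_CODE, SEG_DATA, SEG_STACK };
enum fault { NO_FAULT = 0, FAULT_SS = 12, FAULT_GP = 13 }; /* x86 vectors */

struct segment {
    enum seg_kind kind;
    uint32_t base;     /* linear address of offset 0 */
    uint32_t limit;    /* last valid offset in the segment */
    int writable;
};

/* Decide whether a write of len bytes at offset is allowed, the way the
   hardware checks type and limit before the access happens. */
enum fault check_write(const struct segment *s, uint32_t offset, uint32_t len)
{
    if (s->kind == SEG_CODE || !s->writable)
        return FAULT_GP;                    /* code is never writable */
    if (len == 0)
        return NO_FAULT;
    /* 64-bit arithmetic so offset + len cannot wrap around */
    if ((uint64_t)offset + len - 1 > s->limit)
        return s->kind == SEG_STACK ? FAULT_SS : FAULT_GP;
    return NO_FAULT;
}

/* Constructed sample layouts: a 4 KiB stack segment, a 64 KiB code segment,
   and a flat 4 GiB data segment that overlaps code, data and stack alike. */
static const struct segment seg_stack = { SEG_STACK, 0x00200000u, 0x0FFFu, 1 };
static const struct segment seg_code  = { SEG_CODE,  0x00100000u, 0xFFFFu, 0 };
static const struct segment seg_flat  = { SEG_DATA,  0x00000000u, 0xFFFFFFFFu, 1 };

int main(void)
{
    /* 64-byte write starting 32 bytes before the end of the stack segment */
    printf("segmented stack: %d\n", (int)check_write(&seg_stack, 0x0FE0u, 64));
    /* same linear address through the flat segment: no limit is crossed */
    printf("flat model:      %d\n",
           (int)check_write(&seg_flat, seg_stack.base + 0x0FE0u, 64));
    /* write aimed at the code segment is refused on type alone */
    printf("code segment:    %d\n", (int)check_write(&seg_code, 0x10u, 4));
    /* the limit is per segment, not per buffer: this write stays inside */
    printf("inside stack:    %d\n", (int)check_write(&seg_stack, 0x0100u, 64));
    return 0;
}
```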





