From: Lil E. <Lil...@gm...> - 2009-07-21 13:21:04
There are many different projects with similar goals out there: BitVisor (source code available somewhere) or Daonity and of course Flicker, probably more that I am not aware of. They all seem to target a particular use case and scenario. Cutting out the operating system is certainly an elegant and interesting solution. However, I think in its current form and function it is limited. You cannot use shared libraries and there is still the issue with the trusted graphics to be solved.

Just some thoughts ....

lIl

-------- Original Message --------
> Date: Sun, 12 Jul 2009 16:04:43 -0700
> From: Hal Finney <hal...@gm...>
> To: tbo...@li...
> Subject: [tboot-devel] Intel's P-MAPS research project

> I recently learned about Intel's P-MAPS research project which
> provides an alternative way of using TPM+TXT to provide attestations
> and sealing in the context of a standard OS. Here is a link to the
> Intel Research blog post:
>
> http://blogs.intel.com/research/2009/04/p-maps_an_on-demand_hardware-r.php
>
> and here is an article in Dr Dobbs Journal which goes into more detail:
>
> http://www.ddj.com/mobile/218401423
>
> The goal is to allow applications running in a standard OS like Linux
> or Windows to be able to gain hardware protection from corruption of
> other processes or of the OS. This is a hard problem to solve due to
> the complexity of modern OS's. P-MAPS bypasses the OS by loading a
> Measured Virtual Machine Monitor (MVMM) which runs the OS as a VM.
> Then a P-MAPS aware application can make special VM calls directly
> into P-MAPS, going around the OS, to request protection. P-MAPS
> monitors and virtualizes the OS's page tables and is able to protect
> all of the application's pages from rogue access, either from the OS
> or other processes.
>
> Because P-MAPS mostly confines its attention to memory management, it
> can be relatively small for a VMM. It doesn't have to worry about
> virtualizing devices or networks or I/O or having to load lots of
> different drivers. It mostly just manages page tables. This means that
> the OS is removed from the Trusted Computing Base (TCB) which greatly
> reduces the amount of code which has to be correct in order to achieve
> security.
>
> P-MAPS is also able to perform attestation ("Quote") and sealing on
> behalf of protected applications, allowing apps to protect secrets
> from other applications and from the OS, and to attest to outside
> parties that their data is safe.
>
> Among other nice features, P-MAPS uses smart loading, such that when
> no applications are currently requesting P-MAPS services, it unloads
> itself completely and switches the OS from being in a VM back to being
> in a normal, non-virtualized mode. Then when a process requests P-MAPS
> protection, it re-virtualizes the OS, including doing a TXT launch of
> the P-MAPS MVMM.
>
> All in all this sounds like an amazing range of functionality, a real
> tour de force to get all of these technologies (TPM, TXT, VM) working
> together successfully. But the net result is a tremendously useful
> package that neatly bypasses the dilemma of security vs complexity.
> Most solutions today either provide potentially high security with
> relatively limited functionality, like Jon McCune's Flicker, or
> provide a much wider set of functions, like TBOOT+XEN, at the expense
> of a large TCB which inherently undercuts security goals. P-MAPS
> appears to be the first solution I've seen that could provide high
> security via a small TCB, while retaining the functionality provided
> by a standard OS.
>
> Unfortunately, as a research project it does not sound like something
> which is likely to be made available to experimenters any time soon. I
> hope Intel will find a way to make the code available as it has done
> with TBOOT. P-MAPS is IMO even better suited as a framework for
> providing meaningful TXT based protections to today's application
> developers.
>
> Hal Finney