
IBM Brings Trusted Computing to Linux

San Francisco, CA – IBM Research has prototyped a security solution using the infamous Trusted Platform Module that allows users to accurately validate the identity and integrity of all software running on a remote server and client machine. This approach uses a combination of software and hardware architecture defined by an industry standard body called the Trusted Computing Group (TCG).

The architecture involves the "Trusted Platform Module" (TPM) chip, which provides hardware storage of private keys, making it impossible for hackers to spoof computer systems. Any attempt to hack into the system would alter the system code, and that change could be easily detected. The feature defined by TCG covers only the first few steps of powering on the system; by adding a new feature to Linux, the research team has extended these security checks well beyond that point. The new solution validates the operating system kernel and all application software running on the system.

As on demand e-business becomes reality, IT infrastructures need to dynamically respond to changing business conditions to drive efficiency, profitability and to capture value in real time. This model will require constant connection and exchanges among systems, which will bring new security challenges. Enterprises used to be able to depend on limited software-based tools to determine if their computing infrastructure was in compliance with the corporate security guidelines. In the on demand world, connected businesses require immediate and highly effective means of measuring the integrity of any systems they are connected to, even through a Grid computing infrastructure or Web services.

Unlike current software-based intrusion detection systems, which are designed only to scan for suspicious patterns within a company's own computer systems, this is the first solution that allows users to validate the integrity of the systems they are connected to, including those of vendors and business partners. If a system's integrity has been damaged, the other machine can either stop exchanging information with it or isolate and disconnect it from the network. This gives enterprises an essential means of verifying the security of computers they are currently using or are considering connecting to in the future.
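An added illustration (not IBM's or TCG's code) of the measure-and-attest flow described above: the measured machine extends each loaded file's hash into a PCR, and the verifier replays the measurement log against the value the TPM quoted and against an allowlist of known-good hashes to decide whether to keep talking to the machine or isolate it. SHA-1 with 20-byte registers, PCR 10, the file paths, the sample contents, and a quote whose signature has already been checked are all assumptions.

```python
import hashlib

def measure(contents: bytes) -> str:
    """Hash a file's contents as the measurement agent would (SHA-1 assumed, TPM 1.2 era)."""
    return hashlib.sha1(contents).hexdigest()

# Constructed sample measurement log: (PCR index, hex digest, path) per file loaded.
# PCR 10 and the file contents are made-up values for illustration only.
SAMPLE_LOG = [
    (10, measure(b"vmlinuz contents"), "/boot/vmlinuz"),
    (10, measure(b"libc contents"), "/lib/libc.so.6"),
    (10, measure(b"httpd contents"), "/usr/sbin/httpd"),
]

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend as the TPM does it: new = SHA-1(old || digest). The register can
    only be extended, never set, so the final value commits to the whole sequence."""
    return hashlib.sha1(pcr + digest).digest()

def replay_log(log) -> bytes:
    """Recompute the PCR value the log implies, starting from the all-zero reset state."""
    pcr = b"\x00" * 20
    for _, digest_hex, _ in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr

def verify_attestation(log, quoted_pcr: bytes, known_good: dict):
    """Verifier side. quoted_pcr is the value the remote TPM signed (signature check
    assumed done elsewhere). known_good maps path -> expected digest.
    Returns (accept, reasons); any reason means isolate rather than connect."""
    reasons = []
    if replay_log(log) != quoted_pcr:
        reasons.append("log does not match quoted PCR (log edited or truncated)")
    for _, digest_hex, path in log:
        expected = known_good.get(path)
        if expected is None:
            reasons.append(f"unknown file measured: {path}")
        elif expected != digest_hex:
            reasons.append(f"unexpected hash for {path}")
    return (not reasons, reasons)

if __name__ == "__main__":
    known = {path: d for _, d, path in SAMPLE_LOG}
    accept, why = verify_attestation(SAMPLE_LOG, replay_log(SAMPLE_LOG), known)
    print("connect" if accept else "isolate", why)
```

The two failure modes worth noticing: a log rewritten after the fact no longer replays to the quoted PCR, and an honest log that records a modified binary replays correctly but fails the allowlist check.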

IBM plans to open source this Linux-based security solution to encourage its adoption by many computer system manufacturers, making this higher level of system integrity a common foundation. 


Trusted Platform Module

Submitted by Anonymous on Sun, 12/23/2007 - 06:19.

"IBM Research has prototyped a security solution using the infamous Trusted Platform Module" Infamous or Famous?

It's not trusted and infamous

Submitted by Anonymous on Sun, 12/23/2007 - 09:08.

It's ironic the term is "trusted"... but what it actually implies is that the user of the system is not trusted. What this means is that even if you own a computer... big brother can deem your computer as not trusted and render some or all of the hardware and software non-functional. It is the end of freedom as we know it.. and stifles innovation.. and the degradation of privacy.

http://www.schneier.com/blog/archives/2006/05/who_owns_your_c.html
http://www.lafkon.net/tc/

RE: It's not trusted and infamous

Submitted by Anonymous on Sun, 12/23/2007 - 23:12.

Actually, without this capability, any and all malicious code can run. That's why we see all types of malware infesting Windows due to the inability to have a "clean" point of start. When your windows-based computer gets infected, what is usually the recommendation? Boot from CD (i.e. TRUSTED Read-only media) then perform a full scan...etc..etc

This type of ignorant quoting of Bruce Schneier without understanding the problems at hand is partially why we're still suffering from all the malware/botnets and malicious code executions out there. Everyone is entitled to their opinion, but Bruce doesn't propose a solution nor alternative to TPM. Everything that's currently only Software-based, can be altered and forged to appear as authentic, except if there is some sort of hardware-based token. At some point in the installation of software, there is a "Trust" step placed into either the code, the user providing the trust by typing their administrator password or similar, so please, do us all a favor and go understand the issue before saying that it will "stifle innovation".

-Information Security Professional

You are (possibly) confused

Submitted by Anonymous on Mon, 12/24/2007 - 07:14.

See this link: http://www.lafkon.net/tc/ for why Trusted Computing (a.k.a. Treacherous Computing) is a problem for our computer freedoms.

None the wiser

Submitted by Anonymous on Mon, 12/24/2007 - 17:33.

Yes, trust _is_ a mutual thing. Do I trust _you_? No. It's nothing personal, I just don't know you. Do I trust your computer? Do _you_ trust your computer? Are you sure you are in control? Is it doing _only_ what it is supposed to do (aside from bugs, etc.)?

Many would say I'm a competent system administrator (no comment, I know my limits), but even I can not be 100% sure my systems have not been compromised. Can an average Joe (clicking OK on every dialog just to get rid of it) be sure? Does he even care? "There's nothing on my computer to be of any interest to anybody..." Yeah, except for its processing power and its "big phat pipe"... Will you condemn me if I (in control of _my own_ computer and _my own_ network) decide to deny access for equipment which I deem not to be secure enough? Do I welcome a method to verify the integrity of stuff requesting access? To verify the integrity of _my own_ equipment? HELL, YES!

P. S.
Go develop some independent thinking. That crappy video (nice design and all, though) says NOTHING.

Lafkon commentary

Submitted by Anonymous on Thu, 12/27/2007 - 15:30.

See the comments of this blog post:

http://www.dailycupoftech.com/2007/09/25/who-chooses-whom-you-trust/

I transcribe the text of the Lafkon anti-TC video, and then follow up with a response explaining the truth about Trusted Computing and the problems with the video presentation.

Hal

Suggest questions on English

Submitted by Anonymous on Wed, 12/26/2007 - 15:14.

Suggest questions on English idiom are better directed elsewhere

TCM

Submitted by Anonymous on Fri, 01/11/2008 - 22:34.

'Infamous', and in my book, deserves the title.

I'll determine the security and every other aspect of my computer.

We need ID cards/chips on the 'net now, do we?
Who was so kind as to make that decision for us.

The old 'verification' hack has as much validity as it always has.
None.

It's the 'man in the middle' that steals the deal.
It always has been and always will.

open platform or trusted platform

Submitted by Anonymous on Sun, 12/23/2007 - 09:52.

I can *sort of* understand a proprietary hardware/software platform vendor like Apple wanting to lock down their systems, but this has absolutely no place in the predominantly open-source world of Linux.

May the perpetrators of this project die slowly, alone and in great pain, at the earliest possible opportunity.

I want TPM to work for me

Submitted by Anonymous on Mon, 12/24/2007 - 08:54.

I understand TPM concerns, but if it can work for me and let me know if I should trust my own computer, then that much is good.

How nice to know whether or not joe hacker working for the MPAA/gov/secret-service has tampered or not.

sam

I want TPM to work for me.

Submitted by Anonymous on Fri, 01/11/2008 - 22:35.

On-disc encryption is now an option.

Infamous?

Submitted by Anonymous on Mon, 12/24/2007 - 09:58.

"IBM Research has prototyped a security solution using the infamous Trusted Platform Module that allows users to accurately validate the identity and integrity of all software running on a remote server and client machine."

I am curious as to why you deem the module to be infamous? Why would bringing something with a bad reputation to the Linux platform be desirable?

Not speaking for the OP but

Submitted by Anonymous on Wed, 12/26/2007 - 15:21.

Not speaking for the OP but I believe this is because TPM is potentially anti-user, and this is in fact how it has first been wielded in MS Vista

TPM lies

Submitted by Anonymous on Thu, 12/27/2007 - 15:34.

Almost everything you have heard about the TPM is a lie.

The TPM is hardly used in Microsoft Vista. It is only used for one thing, the BitLocker disk encryption system. The TPM adds security to disk encryption by holding the keys within hardware. It lets you get by with a simple PIN to decrypt the disk, because of anti-brute-force features in the TPM chip. In this usage the TPM adds to your security and does not harm you in any way.

You have probably heard that the TPM is used to enforce DRM in Vista, but that is false. In fact it will take many years of effort and an enormous infrastructure will have to be established before TPMs can be used for DRM. It may happen someday but that is far off.