Vitanuova for 2002 July 3 (entry 1)


Five people came from Microsoft to meet with us on Tuesday about Palladium. It was very interesting.

"Sealed storage" is a very technically clever idea. Some of the subtleties hit me only after the meeting. Basically, you have a hardware co-processor within a machine which contains some unique secret symmetric key (not known to anybody other than the co-processor). Call this s. Also assume that the co-processor is able to take a hash h of whatever kernel k is running on the ordinary CPU. (In Palladium this is actually something called a "nub" -- in their marketing materials a "Trusted Operating Root" or "TOR" -- but we can pretend it's the OS kernel instead.)

The co-processor provides two functions, c=SEAL(p) and p=UNSEAL(c). Within the co-processor, SEAL is implemented approximately as aes_encrypt(s+h, p), and UNSEAL approximately as aes_decrypt(s+h, c). (I am simplifying and eliding many details; the real implementation is more complex and provides several additional features.)

The interesting consequence of this is that any program running on the system can call into the coprocessor and ask the coprocessor to encrypt or decrypt arbitrary data. (Actually, usually just a symmetric key for data, not the data itself, but we'll pretend it's the data.) The coprocessor by its very nature can successfully decrypt whatever it has previously encrypted, but only if the encryption was performed on the same machine while the same kernel k was running! If the decryption is attempted on a different PC (which has a different secret key s), or even on the same PC while running a different or modified operating system, the decryption routine will fail to decrypt the data. Thus, a program is able to say "encrypt this so that it can only be decrypted by a process running on the current machine under the currently-running operating system kernel". And the program can have confidence that the encryption occurs in an unobservable way and that the resulting encrypted data can be safely stored in an untrusted medium, because it will never be possible to decrypt it except upon request of software running in an identical environment.
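The SEAL/UNSEAL behaviour described above, as an added example (not code from the original post or from Microsoft): a toy Python model in which the sealing key depends on both s and h. The class and method names are hypothetical, an HMAC-SHA256 keystream stands in for AES so that it runs with the standard library only, and an authentication tag is added so that a wrong key is detected rather than producing garbage.

```python
import hashlib
import hmac
import secrets

class SealError(Exception):
    """UNSEAL refused: the blob was sealed under a different s or h."""

def _crypt(key, nonce, data):
    # XOR with an HMAC-SHA256 counter-mode keystream: stdlib stand-in for the post's AES.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(x ^ y for x, y in zip(data, ks))

class Coprocessor:
    """Toy model of the co-processor; class and method names are hypothetical."""
    def __init__(self):
        self._s = secrets.token_bytes(32)  # s: per-machine secret, never leaves the chip
        self._h = b""                      # h: hash of the kernel currently running

    def boot(self, kernel: bytes):
        # Measure the kernel image; every later SEAL/UNSEAL is bound to this hash.
        self._h = hashlib.sha256(kernel).digest()

    def _keys(self):
        # The post's "s+h": both inputs feed the key, so changing either changes it.
        base = hmac.new(self._s, self._h, hashlib.sha256).digest()
        return (hmac.new(base, b"enc", hashlib.sha256).digest(),
                hmac.new(base, b"mac", hashlib.sha256).digest())

    def seal(self, p: bytes) -> bytes:
        enc, mac = self._keys()
        nonce = secrets.token_bytes(16)
        ct = _crypt(enc, nonce, p)
        return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

    def unseal(self, c: bytes) -> bytes:
        if len(c) < 48:                    # 16-byte nonce + 32-byte tag at minimum
            raise SealError("blob too short")
        enc, mac = self._keys()
        nonce, ct, tag = c[:16], c[16:-32], c[-32:]
        want = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise SealError("sealed on another machine or under another kernel")
        return _crypt(enc, nonce, ct)

def can_unseal(chip, blob):
    try:
        return chip.unseal(blob) is not None
    except SealError:
        return False
```

Rebooting the same `Coprocessor` into the original kernel image restores the ability to unseal, while a second `Coprocessor` instance (a different PC) never can, even when it boots the identical kernel.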

I feel that I'm not quite doing justice to this clever technique, partly because I'm omitting some details, and partly because I haven't actually described the rest of the environment (how the coprocessor fits into the rest of the system, how and when the hash of the kernel is taken, how the coprocessor knows that the hash of the kernel is accurate, etc.).

But one interesting consequence of this idea is that you can actually have software which can be open source and runs on an ordinary PC and yet can store information locally on a hard drive in a way that the PC's owner (or somebody who steals the hard drive) can't use or transfer the information except according to a policy specified within the software. This can be the case even though the owner of the PC is able to examine and modify the software, and even to reboot the machine in single-user mode, and run debuggers and emulators and so on. There is no security-through-obscurity necessary, although there are still certain physical security assumptions involved (the user can't arbitrarily read or modify the contents of the coprocessor or certain other parts of the PC's hardware).

Think about this: if you move the file (and, if you like, the entire software operating environment!) to another PC, the application can no longer decrypt the file. If you modify the operating system (which you are able to do), the application can no longer decrypt the file. If you run a different operating system (which you are able to do), the application can no longer decrypt the file. If you modify the application (which you are able to do), the application can no longer decrypt the file. This is a technically impressive capability! After the meeting, I kept realizing more and more interesting features of this design.

Sealed storage is one part of Palladium, although not the whole thing. It is one of the pieces which provide what we referred to as "epistemology" for software running on a trusted system. How can the software tell that it isn't running in a virtual machine, an emulator, a debugger, a system call tracer, a deceptive system-call tracer, a virtualized OS kernel, etc.? It's been suggested that it's a good thing when software can't tell, because end-users thereby acquire more control, or reverse-engineering for interoperability and competition is possible, or we can preserve computing history, or preserve human culture. If software can tell, maybe we can't do these things, because someone can try to make the software enforce a policy against running under emulation.

Descartes was one of the early epistemologists to worry about whether his sensory experience (what software calls input and output) is real or merely emulated, although that concern goes back to the very beginnings of philosophy and speculative thought.

Plato's cave is one more ancient instance of this anxiety -- and in some sense so is Chuang Tzu's "butterfly dream". Plato and Descartes, wholly unlike Chuang Tzu, specifically imagine a conspiracy on the part of a malignant intelligence. Shall we say that Western philosophy is more paranoid than Eastern, that the Western philosopher is always prepared to believe in the Adversary? In Chuang Tzu, the deception is simply a result of a dream, and no moral evil or ill will. But in Plato the victims of the deception are actually "en tautêi ek paidôn ontas en desmois kai ta skelê kai tous auchenas". Ouch! (Who would be so cruel as to chain people in a cave beneath the earth and shackle them since childhood, "ek paidôn"?) In Descartes we start off with ordinary and harmless dreams:

Praeclare sane, tanquam non sim homo qui soleam noctu dormire, & eadem omnia in somnis pati, vel etiam interdum minus verisimilia, quam quae isti vigilantes. Quam frequenter vero usitata ista, me hic esse, toga vestiri, foco assidere, quis nocturna persuadet, cum tamen positis vestibus iaceo inter strata!

Age ergo somniemus, nec particularia ista vera sint, nos oculos aperire, caput movere, manus extendere, nec forte etiam nos habere tales manus, nec tales totum corpus [...]

But eventually, just a few paragraphs later, we come to possess an infinitely powerful and intelligent adversary whose only goal in life is to deceive us in the service of some terrible evil:

genium aliquem malignum, eundemque summe potentem & callidum, omnem suam industriam in eo posuisse, ut me falleret

(!)

If you walked into a psychiatrist's office talking about the genius malignus, summe potens et callidus, qui posuit omnem suam industriam in eo, ut me falleret, wouldn't you be diagnosed with paranoid schizophrenia, at least as long as your psychiatrist understood Latin?

But it's a reasonable fear for an epistemologist, or for a computer program. In the computer security world, there is an Adversary, there is a Devil, summe potens et callidus...

Cory suggested that trusted computing initiatives (and their technical features like sealed storage) occupy in security software's epistemology the same position God and God's perfection occupied in Descartes's epistemology.

Ut autem etiam illa tollatur, quamprimum occurret occasio, examinare debeo an sit Deus, &, si sit, an possit esse deceptor; hac enim re ignorata, non videor de ulla alia plane certus esse unquam posse.

(But so that this [problem] might also be removed, I should, as soon as possible, examine whether there be a God, and, if there be, whether he might be a deceiver; for, being ignorant of this thing, I cannot appear to be able ever to be entirely certain about anything else.)

It doesn't take Descartes very long:

In primis enim agnosco fieri non posse ut ille me unquam fallat; in omni enim fallacia vel deceptione aliquid imperfectionis reperitur [...] nec proinde in Deum cadit.

(For in the beginning I perceive that it is impossible that he should ever deceive me; for in every deceit or deception there appears some sort of imperfection [...] and [this] does not thereby fall to God.)

Cory says God's part here in the software's epistemology is things like sealed storage, and the counterpart of God's perfection is Microsoft's trustworthiness.

It was nice of the Microsoft folks to come down and talk with us; I really enjoyed it, and I learned a lot about Palladium, not that I have a clear assessment of whether Palladium is good or bad. We met with them for about four hours, and I spent much of the rest of the day digesting and talking to other people about those four hours. And certainly there's a lot of sophistication there.




Contact: Seth David Schoen