Hacker News
by vinsci 1822 days ago
Quote from Ross Anderson's `Trusted Computing' Frequently Asked Questions - TC / TCG / LaGrande / NGSCB / Longhorn / Palladium / TCPA Version 1.1 (August 2003) https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html:

    24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!

    It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.

    Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).

    During the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called the `German Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.

    25. So a `Trusted Computer' is a computer that can break my security?

    That's a polite way of putting it.

    Ross Anderson
2 comments

This is an incredibly interesting read.

> TC is also aimed at payment systems. One of the Microsoft visions is that much of the functionality now built on top of bank cards may move into software once the applications can be made tamper-resistant. This leads to a future in which we pay for books that we read, and music we listen to, at the rate of so many pennies per page or per minute. The broadband industry is pushing this vision; meanwhile some far-sighted people in the music industry are starting to get scared at the prospect of Microsoft charging a percentage on all their sales.

God, if only they knew -- but at the same time, we never reached the nightmare of "pay-per-minute" models for books or songs.

This just in:

Microsoft admits to signing rootkit malware in supply-chain fiasco https://news.ycombinator.com/item?id=27640553