The Trusted Computing - Could it be… SATAN_.ppt

The Trusted Computing - Could it be…. SATAN? Y’all remember the Church Lady, right? Bruce Potter gdead@ Don’t Believe Anything I Say Do not believe in anything simply because you have heard it. Do not believe in anything simply because it is spoken and rumored by many. Do not believe in anything simply because it is found written in your religious books. Do not believe in anything merely on the authority of your teachers and elders. Do not believe in traditions because they have been handed down for many generations. But after observation and analysis, when you find that anything agrees with reason and is conducive to the good and benefit of one and all, then accept it and live up to it.” - Buddha By Day, Senior Associate for Booz Allen Hamilton By Night, Founder of The Shmoo Group and restorer of hopeless Swedish cars Overview -Two things to accomplish Make the case for trusted computing While dodging the beer bottles being thrown at me Demonstrate the TPM on a MacBook Release some code Sprinkle in some good arguments, and we’ve got ourselves a party A Brief History of InfoSec For at least 50 years, we’ve been trying to solve the information security problem However, at the same time, the problem keeps getting more complex In the meantime, it’s made security a profitable and sustainable industry (funny what happens when you chase an impossible dream) Current InfoSec Trends Defense in Depth The core problem is currently unsolvable… So why not throw a giant pile of bandaids at it With a slick phrase like “defense in depth” it even sounds responsible Access to systems == Access to data Boot disks are amazing things David Hulton et al have even taken malicious slave devices to a new level Transactions are trusted at a network level End to end security only exists in controlled environments So, How Did We Get Here? The roadmap for secure systems is described in Butler Lampson’s “Protection” paper /~lampson/09-Protection/WebPage.html “The original motivation for put