Re: TALPA - a threat model? well sorta.

From: H. Peter Anvin
Date: Wed Aug 13 2008 - 14:25:22 EST

Next message: Mark Langsdorf: "[PATCH](retry 2) Re: invalidate caches before going into suspend"
Previous message: Arjan van de Ven: "Re: TALPA - a threat model? well sorta."
In reply to: Arjan van de Ven: "Re: TALPA - a threat model? well sorta."
Next in thread: Eric Paris: "Re: TALPA - a threat model? well sorta."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andi Kleen wrote:

This means you need significant LSM components simply to protect
the integrity of the file scanner against root. It's even unclear it's possible in the general case (e.g. X server doing
arbitary DMA and no IOMMU -- how do you protect the file scanner?)

Without Treacherous Computing, it isn't possible, even in kernel space.

In Treacherous Computing you can put it in the hypervisor, which of course just means the hypervisor is now much bigger and likely to contain security holes.

-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Langsdorf: "[PATCH](retry 2) Re: invalidate caches before going into suspend"
Previous message: Arjan van de Ven: "Re: TALPA - a threat model? well sorta."
In reply to: Arjan van de Ven: "Re: TALPA - a threat model? well sorta."
Next in thread: Eric Paris: "Re: TALPA - a threat model? well sorta."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]