On Mon, 05 Jul 2010 21:48:53 EDT, Mary and Glenn Everhart said: > Might I suggest that in addition to discussing how to defend against > software attacks, that it is also useful to devise methods and protocols > that will function even where the systems being used to communicate are > infected with malware? The consensus in the security world is that, in general, if a system has been infected with sufficiently virulent malware, it's impossible to do *any* reliable computing on it. Consider a system with a keystroke logger on it - anything you type is compromised the instant you hit the key. (And before you say "how about a mouseable keyboard on the screen", I'll point out that some banks have tried that, and it's already been pwned). Similar arguments hold for any other function - if the attacker controls the vertical and horizontal, you're basically screwed. So there's not been a lot of research on the topic from the white-hat end. Most likely, you'll find most of the good work in this area over in the black-hat world, as they're continually trying to find ways to do reliable computing on a machine owned by the adversary. There is a slim chance that with hardware assistance such as a smart card, it may be possible to open up an encrypted communications session from the smart card *through* the compromised system to an external endpoint. However, such a card would have very limited ability to introspect the system unless you expand the scope drastically - and at that point, you're basically re-inventing the TPM chipset.
Attachment:
pgprDZ_nYf3BZ.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/