Re: How to add confinement to the Hurd?

[Pierre THIERRY]

Scribit Marcus Brinkmann dies 30/04/2006 hora 22:29:
> I can even tell you why there is an ethical issue.  The reason is that
> non-trivial confinement separates ownership of digital content into a
> party that has access and modification right and a party which has the
> right to decide durability.

I return to the use case of the program that is executable without
disclosing itself.

Let's state the problem clearly to avoid misunderstanding:

Alice writes the Processor program, whose algorithm she cannot disclose,
and Bob has to execute Processor on the file SensitiveData, which he
must keep secret. The system has to make Bob able to execute Processor
with the guarantee that it won't leak anything without knowing how
Processor work.

Where is access and modification separated from durability?

> > 1) Do anyone knows, even remotely, what would be needed to implement
> > this confinement in the Hurd? Particularily, what would be needed
> > for the implementer to do, and what could prevent him to do it in
> > the Hurd design?
> The underlying mechanism is, at the hardware level, a "trusted
> computer" chip, which is a chip that contains a cryptographic key
> which _nobody_ can read out and which is certified by the manufacturer
> of the hardware.

I do not see how the cryptographic chip helps achieving confinement... I
thought it only enables certification of the system 'identity'.

Confusingly,
Nowhere man
-- 
address@hidden
OpenPGP 0xD9D50D8A

signature.asc
Description: Digital signature