Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Some interesting security-related work from Microsoft...

184 views
Skip to first unread message

Stephen Hoffman

unread,
Apr 19, 2018, 7:10:31 PM4/19/18
to

Looks like you can now have (for instance) a GPG mail environment that
can be verified, but where an exploit running with Windows kernel
access cannot access the private keys.

https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/


Looks like some descendent of the Palladium / NGSCB and the secure boot
work that started an aeon or three ago has finally started shipped...

https://en.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base

Downsides? Probably. Wouldn't want to find malware lurking in one of
those enclaves. DRM and anti-malware will soon be resident and
running in an enclave. There'll be lurking bugs too, of course.

OpenVMS has nothing similar to this — there are a number of gaps in
what's currently available, such as sandboxing and other related
security work and that's all been mentioned once or twice before.



--
Pure Personal Opinion | HoffmanLabs LLC

EVER...@gce.name

unread,
May 17, 2018, 8:51:53 PM5/17/18
to
Some conceptual ancestors run in VMS, or used to.
I implemented a system with an encrypted virtual disk whose driver tested a number of things to be as sure as it could that it was being accessed by the startup process only, soon after hard boot, with some other limitations. Idea was this could be used to mount other crypto-disks or do other initialization. You'd keep a special unrestricted driver on removable media, take it out of the safe and use to set the thing up. It could have done whatever you like, including doing crypto hash of system images etc.
Not as useful for real paranoid environments, particularly since it was published in source code...but interesting for circa 1990.

Getting something that keeps secrets at boot time is harder...
Note though that the Microsoft stuff has its holes too; designers have mentioned there are ways to get the system to spill its guts and reveal keys. Maybe some of that is fixed now. (The issue exists with HSMs too, in that there are generally ways they can be commanded to re-key or export data and whatever is allowed to give them commands needs to be limited as well, so these kinds of things only occur where legitimately needed.)

Just thought it won't hurt to mention what was done awhile back and would be easy now...
Glenn Everhart
ever...@gce.name
302 373 5382
0 new messages