Old 02-07-2008, 08:34 AM
Kuniyasu Suzaki
 
Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)

Dear,

We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
http://unit.aist.go.jp/itri/knoppix/index-en.html
It includes trusted computing software based on TPM (Trusted Platform
Module). Debian packages on KNOPPIX are validated by Remote Attestation.

OpenPlatformTrustServices is included and the validation service of
Remote Attestation is available.
http://sourceforge.jp/projects/openpts/
The Remote Attestation validates "platform integrity" and "vulnerability
of packages". The current Vulnerability Data Base consists of DSA (Debian
Security Advisory) and validates Debian packages on KNOPPIX.

# Guide PDF
http://sourceforge.jp/projects/openpts/wiki/FrontPage/attach/20080129-KNOPPIX511TCG-OPTS-UsersGuide-v1_0-E.pdf

# List of Confirmed PC
http://sourceforge.jp/projects/openpts/wiki/PlatformInfo

# Included software
GRUB-IMA1.1.0.0, kernel 2.6.19+IMA(Integrity Measurement Architecture),
Trousers0.2.9.1, TPM_Manager0.4, OpenPlatformTrustServices0.1.1

# Download
ftp://unit.aist.go.jp/itri/knoppix/iso/knoppix511-TC-Geeks-100.iso
(MD5:197d70536ab36033fadf3d9cd04d2632)
Bittorrent file:
http://unit.aist.go.jp/itri/knoppix/knoppix511-TC-Geeks-100.iso.torrent

------
suzaki


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-11-2008, 10:32 AM
steef
 

Kuniyasu Suzaki wrote:

> Dear,
>
> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
> http://unit.aist.go.jp/itri/knoppix/index-en.html
> It includes trusted computing software based on TPM (Trusted Platform
> Module). Debian packages on KNOPPIX are validated by Remote Attestation.
>
> OpenPlatformTrustServices is included and the validation service of
> Remote Attestation is available.
> http://sourceforge.jp/projects/openpts/
> The Remote Attestation validates "platform integrity" and "vulnerability
> of packages". The current Vulnerability Data Base consists of DSA (Debian
> Security Advisory) and validates Debian packages on KNOPPIX.
>
> # Guide PDF
> http://sourceforge.jp/projects/openpts/wiki/FrontPage/attach/20080129-KNOPPIX511TCG-OPTS-UsersGuide-v1_0-E.pdf
>
> # List of Confirmed PC
> http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
>
> # Included software
> GRUB-IMA1.1.0.0, kernel 2.6.19+IMA(Integrity Measurement Architecture),
> Trousers0.2.9.1, TPM_Manager0.4, OpenPlatformTrustServices0.1.1
>
> # Download
> ftp://unit.aist.go.jp/itri/knoppix/iso/knoppix511-TC-Geeks-100.iso
> (MD5:197d70536ab36033fadf3d9cd04d2632)
> Bittorrent file:
> http://unit.aist.go.jp/itri/knoppix/knoppix511-TC-Geeks-100.iso.torrent
>
> ------
> suzaki




anybody who knows how trustworthy this version of knoppix is??

reg.,

steef

--
steef van duin

publicist, research-journalist


 
Old 02-11-2008, 02:31 PM
Andrew Sackville-West
 

On Mon, Feb 11, 2008 at 11:32:51AM +0000, steef wrote:
> Kuniyasu Suzaki wrote:
>> Dear,
>>
>> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
>> http://unit.aist.go.jp/itri/knoppix/index-en.html
>> It includes trusted computing software based on TPM(Trusted Platform
>> Module). Debian packages on KNOPPIX is validated by Remote Attestation.
-------------------------------------------------------^^^^^^^^^^^^^^^^^^^

sounds an awful lot like Remote Exploit to me.

>>
>>
> anybody who knows how trustworthy this version of knoppix is??
>

The trustworthiness of any code is inversely proportional to the
volume of claims of its trustworthiness. --- me

A
 
Old 02-11-2008, 03:12 PM
steef
 

Andrew Sackville-West wrote:

>> anybody who knows how trustworthy this version of knoppix is??
>
> The trustworthiness of any code is inversely proportional to the
> volume of claims of its trustworthiness. --- me
>
> A

mmmm. no one seen yet, a good sign given a sufficiently large amount of users.

steef

--
steef van duin

publicist, research-journalist


 
Old 02-11-2008, 03:21 PM
Tzafrir Cohen
 

On Mon, Feb 11, 2008 at 07:31:11AM -0800, Andrew Sackville-West wrote:
> On Mon, Feb 11, 2008 at 11:32:51AM +0000, steef wrote:
> > Kuniyasu Suzaki wrote:
> >> Dear,
> >>
> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
> >> It includes trusted computing software based on TPM(Trusted Platform
> >> Module). Debian packages on KNOPPIX is validated by Remote Attestation.
> -------------------------------------------------------^^^^^^^^^^^^^^^^^^^
>
> sounds an awful lot like Remote Exploit to me.

That's indeed remotely similar.

It means that someone at a different machine on the network can be
guaranteed that this specific software is only running on that system.
Naturally this will not work without BIOS-level support.

See e.g.: http://lwn.net/Articles/144681/

That said, I don't fully understand what they attempt to provide.

From the little I understand, I figure that their system tries to
guarantee that all software is valid Debian debs (plus some bits from
their repositories). I have no idea how they implemented this. I have no
idea what are the actual guarantees of kernel-level "trusted computing"
to a system as complex as Debian.

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


 
Old 02-12-2008, 12:52 AM
Kuniyasu Suzaki
 

>>From: Tzafrir Cohen <tzafrir@cohens.org.il>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
>>
>>On Mon, Feb 11, 2008 at 07:31:11AM -0800, Andrew Sackville-West wrote:
>>> On Mon, Feb 11, 2008 at 11:32:51AM +0000, steef wrote:
>>> > Kuniyasu Suzaki wrote:
>>> >> Dear,
>>> >>
>>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
>>> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
>>> >> It includes trusted computing software based on TPM(Trusted Platform
>>> >> Module). Debian packages on KNOPPIX is validated by Remote Attestation.
>>> -------------------------------------------------------^^^^^^^^^^^^^^^^^^^
>>>
>>> sounds an awful lot like Remote Exploit to me.
>>
>>That's indeed remotely similar.

Our remote attestation is a kind of CHECKER of two types of databases
for trustworthiness. The database of DSA (Debian Security Advisory)
validates the packages of knoppix. The database of platform integrity
was created from our samples, which are listed at
http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
The database validates the boot procedure, which is based on "Trusted
Computing".

>>It means that someone at a different machine on the network can be
>>guaranteed that this specific software is only running on that system.
>>Naturally this will not work without BIOS-level support.
>>
>>See e.g.: http://lwn.net/Articles/144681/

Thank you. Good reference site.

>>
>>That said, I don't fully understand what they attempt to provide.
>>
>>From the little I understand, I figure that their system tries to
>>guarantee that all software is valid Debian debs (plus some bits from
>>their repositories). I have no idea how they implemented this. I have no
>>idea what are the actual guarantees of kernel-level "trusted computing"
>>to a system as complex as Debian.

Please refer to the following papers.

"Design and Implementation of a TCG-based Integrity Measurement
Architecture", USENIX Security Symposium 2004.
http://www.usenix.org/events/sec04/tech/sailer.html
"Trusted Computing and Linux", Ottawa Linux Symposium 2005.
http://www.linuxsymposium.org/2005/view_abstract.php?content_key=50

--
suzaki

>>--
>>Tzafrir Cohen | tzafrir@jabber.org | VIM is
>>http://tzafrir.org.il | | a Mutt's
>>tzafrir@cohens.org.il | | best
>>ICQ# 16849754 | | friend
>>
>>
 
Old 02-12-2008, 07:47 AM
Tzafrir Cohen
 

On Tue, Feb 12, 2008 at 10:52:47AM +0900, Kuniyasu Suzaki wrote:
>
> >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
> >>
> >>On Mon, Feb 11, 2008 at 07:31:11AM -0800, Andrew Sackville-West wrote:
> >>> On Mon, Feb 11, 2008 at 11:32:51AM +0000, steef wrote:
> >>> > Kuniyasu Suzaki wrote:
> >>> >> Dear,
> >>> >>
> >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
> >>> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
> >>> >> It includes trusted computing software based on TPM(Trusted Platform
> >>> >> Module). Debian packages on KNOPPIX is validated by Remote Attestation.
> >>> -------------------------------------------------------^^^^^^^^^^^^^^^^^^^
> >>>
> >>> sounds an awful lot like Remote Exploit to me.
> >>
> >>That's indeed remotely similar.
>
> Our remote attestation is a kind of CHECKER of two type of database
> for trustworthy. The database of DSA (Debian Security Advisory)
> validates the packages of knoppix. The database of platform integrity
> was created by our samples, which is listed at
> http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
> The database validates the boot procedure, which is based on "Trusted
> Computing".

Sorry, I just don't get it.

Given that the platform includes gcc, perl and python (and wget), what
practical use is there in the guarantees you can achieve?

What happens if I just install something from source?

Recall that for the Xbox it only took one buggy game to allow installing
an arbitrary software (e.g.: Linux) by the user.

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


 
Old 02-12-2008, 09:46 AM
Chris Bannister
 

On Mon, Feb 11, 2008 at 07:31:11AM -0800, Andrew Sackville-West wrote:
> The trustworthiness of any code is inversely proportional to the
> volume of claims of its trustworthiness. --- me

Michael Elkins! -- now I'm worried ...

--
Chris.
======


 
Old 02-12-2008, 11:02 AM
Kuniyasu Suzaki
 

>>From: Tzafrir Cohen <tzafrir@cohens.org.il>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
>>
>>> >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
>>> >>> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
>>> >>> >> It includes trusted computing software based on TPM(Trusted Platform
>>> >>> >> Module). Debian packages on KNOPPIX is validated by Remote Attestation.
>>> >>> -------------------------------------------------------^^^^^^^^^^^^^^^^^^^
>>> >>>
>>> >>> sounds an awful lot like Remote Exploit to me.
>>> >>
>>> >>That's indeed remotely similar.
>>>
>>> Our remote attestation is a kind of CHECKER of two type of database
>>> for trustworthy. The database of DSA (Debian Security Advisory)
>>> validates the packages of knoppix. The database of platform integrity
>>> was created by our samples, which is listed at
>>> http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
>>> The database validates the boot procedure, which is based on "Trusted
>>> Computing".
>>
>>Sorry, I just don't get it.
>>
>>Given that the platform includes gcc, perl and python (and wget), what
>>practical use is there in the guarantees you can achieve?

The TC-Geeks KNOPPIX is a trial environment. However, the technique,
which combines remote attestation and trusted boot, prevents insertion
of root kits and offers a safe environment.

>>What happens if I just install something from source?

The software works well.
If you REPLACE the applications which are registered at the database,
you cannot connect to remote attestation.

>>Recall that for the Xbox it only took one buggy game to allow installing
>>an arbitrary software (e.g.: Linux) by the user.

------
suzaki


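The checker behaviour discussed in this thread (an IMA-style measurement log, a database of registered files, and a DSA-derived vulnerability database) can be sketched as follows. This is an added example, not part of any message above and not OpenPTS code. It assumes the quoted PCR value has already been signature-checked, uses a simplified entry hash rather than the kernel's exact template layout, and all paths, file contents and the advisory id are constructed placeholders.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, path: str, digest: bytes) -> bytes:
    # TPM 1.2 extend: new = SHA1(old || measurement). The measurement is a
    # simplified entry hash binding digest to path (assumed layout, not the kernel's).
    return sha1(pcr + sha1(digest + path.encode()))

def replay(log) -> bytes:
    pcr = bytes(20)  # a PCR starts as 20 zero bytes at boot
    for path, digest in log:
        pcr = extend(pcr, path, digest)
    return pcr

def verify(log, quoted_pcr, known_good, advisories):
    """Return (verdict, findings) for a measurement log and a quoted PCR value."""
    if replay(log) != quoted_pcr:
        return "REJECT", ["measurement log does not reproduce the quoted PCR"]
    findings = []
    for path, digest in log:
        if digest in advisories:
            findings.append(f"REJECT {path}: vulnerable ({advisories[digest]})")
        elif path in known_good and digest != known_good[path]:
            findings.append(f"REJECT {path}: registered file was replaced")
        elif path not in known_good:
            findings.append(f"NOTE {path}: not in database")
    bad = any(f.startswith("REJECT") for f in findings)
    return ("REJECT" if bad else "ACCEPT"), findings

# Constructed sample data: short byte strings stand in for real binaries.
GOOD_SSHD, MODIFIED_SSHD = b"sshd-1", b"sshd-modified"
OLD_SSL, LOCAL_TOOL = b"libssl-old", b"built-from-source"
KNOWN_GOOD = {"/usr/sbin/sshd": sha1(GOOD_SSHD), "/usr/lib/libssl.so": sha1(b"libssl-new")}
ADVISORIES = {sha1(OLD_SSL): "DSA-PLACEHOLDER"}  # placeholder advisory id

def demo():
    clean = [("/usr/sbin/sshd", sha1(GOOD_SSHD)), ("/usr/local/bin/tool", sha1(LOCAL_TOOL))]
    replaced = [("/usr/sbin/sshd", sha1(MODIFIED_SSHD))]
    outdated = [("/usr/lib/libssl.so", sha1(OLD_SSL))]
    return {
        "clean": verify(clean, replay(clean), KNOWN_GOOD, ADVISORIES),
        "replaced": verify(replaced, replay(replaced), KNOWN_GOOD, ADVISORIES),
        "outdated": verify(outdated, replay(outdated), KNOWN_GOOD, ADVISORIES),
        # A log that omits the replacement no longer matches the quoted PCR.
        "edited_log": verify(clean, replay(replaced), KNOWN_GOOD, ADVISORIES),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this sketch a tool built from source only produces a note, while a replaced registered file, a file matching an advisory, or a log that does not replay to the quoted PCR each cause rejection.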
 
