l4-hurd

Collaboration question & challenge use case


From: Christian Stüble
Subject: Collaboration question & challenge use case
Date: Tue, 15 Aug 2006 16:27:02 +0200
User-agent: KMail/1.9.1

Hi,

after a long time of following this list only passively, I would like to share 
some of my thoughts with the other list members :-)

Background: I have been working on/researching/developing microkernel-based security 
architectures for a few years now, currently at Ruhr-University Bochum (RUB), 
Germany. At the moment, our group is involved in some R&D projects
related to trusted computing (TC) and security in general: E.g., PERSEUS 
(perseus-os.org), EMSCB (emscb.org), OTC (opentc.net), and some others. In 
this context, we are developing security-critical services and applications 
on top of L4 and Xen. Further important topics are security engineering, 
formal models, language-based security, and security protocols.

General: Since I am not aware of a multi-server system design that fulfills
today's requirements, our group has to design and implement a lot of services 
from scratch - wasting a lot of time, since our main focus is security. 
Therefore, we would like to collaborate with further projects like hurd and 
coyotos, to share design ideas, use cases and implementations. Unfortunately, 
this seems to be impossible due to conflicting requirements (at least with 
hurd): We are using TC technology and we are even developing DRM-like 
applications (whatever this means). We do this for the following reasons: On 
the one hand, it is IMO better to prove that a better solution exists if you 
want to criticise existing technology (and we criticise TC a lot, e.g., have a 
look at some research papers and our TPM compliance test...) 

On the other hand, TC is currently a technology that is widely available and 
fulfills (IMO) important security requirements. Yes, it could be misused 
(like nearly any security-related product), but our main development/research 
goal is an architecture that prevents misuse but allows many relevant use 
cases. The same holds for the DRM-like applications: We develop applications 
that allow the enforcement of security policies in a distributed environment, 
but which consider user rights and the law (keywords: multilateral security, 
fair use).

Challenge: I would like to give a more concrete example of an application that
IMO requires confinement and TC as a possible instance to fulfill this 
requirement: As you may know, we have in Germany strict laws regarding user 
privacy. E.g., a company is in general not allowed to give personal 
information to other institutions. Nevertheless, it is sometimes hard to 
prove that there was a leakage of information, or companies may be in
another country. Therefore, one of our goals is to develop an environment
that allows users to create an agent that controls their personal information 
and enforces, e.g., within the environment of a company, that it can only 
use personal information once, or that it cannot be shared with other 
companies, etc. But this requires that the owner of the platform executing 
the agent cannot access the internal state of the agent. A lot of people 
would call the agent a DRM application...

Another application, currently an (open) master thesis, is to develop a P2P 
filesharing client that uses DAA to connect to other clients. The motivation 
is to prevent modified clients that allow the platform owner to see the 
connection table (and thus to uncover the anonymity of clients). But this 
only makes sense if the platform owner cannot access the internal state of 
applications... 

I would like to know to what extent people here are interested in a 
collaboration. If you think this is too OT to discuss it here, we can 
continue this discussion somewhere else...

Regards,
Chris
