l4-hurd

Re: Separate trusted computing designs


From: Marcus Brinkmann
Subject: Re: Separate trusted computing designs
Date: Fri, 01 Sep 2006 11:52:35 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Fri, 1 Sep 2006 10:48:44 +0200,
Christian Stüble <address@hidden> wrote:
> >
> > I think I am talking about the privacy agent use case.
> But then the problem is different. Let's say your privacy agent calculates
> a result y := f( p, s ) on your secret input p and the service provider's 
> secret input s. If both parties do not trust each other, they need a TTP
> to calculate the result. This is expensive and inefficient. Alternatively,
> they can use a TTP within their system, with all the consequences discussed
> above.
> 
> Using a dedicated machine does not solve the problem. The question remains
> who should control that machine, and whether it has an appropriate OS
> installed. 

I am not sure I understood your scenario correctly.  But it is my
impression that if I only have to remote attest my own operating
system software on a real machine, I can use a secret key on the TPM
that is known by me and certified by me.

To the contrary, if I need an attestation for the service provider's
operating system and virtual machine, a vendor-certified TPM secret
key needs to be used that is not known to either party.

I think that is a substantial theoretical and practical difference.
For me the test is always: "Can I have the secret key?"

> > > > Now, let's say your operation is not that critical, and you are
> > > > running your service on a colocated machine together with 10 other
> > > > customers.  Now, a bug or missing feature is detected in the operating
> > > > system, and it needs to be upgraded.  You really think it is
> > > > cost-effective for the service provider to get the upgrade certified
> > > > by 10 other customers with equally sensitive data?
> > >
> > > In practice, one would sign a contract with the service provider about
> > > the properties provided by the OS; then it can update the OS whenever
> > > necessary.
> >
> > Well, you just increased the cost of deploying such a solution by an
> > order of magnitude (or two) by dragging the legal departments on *both
> > sides* into the decision process.  I am pretty bad at economics, but
> > even the little I know lets me predict instant death to such a
> > solution.  It doesn't sound very competitive to me.
> This is what is actually done in the large computing centers of IBM, HP, etc.
> And it seems to be a good business model, else they would not focus on
> virtualization. You can still have a dedicated machine for high-security 
> applications, but this is more expensive than a virtual machine. But 
> currently, the customers have to trust the service provider...

When you say "this is actually done", what do you mean by "this"?  Do
large computing centers negotiate contracts about security properties
of their hosted services with their customers, which have to be
re-certified at every update?  Your last sentence seems to imply that
this is not the case, so I am confused why you make the comparison to
today's economics of server hosting.

Thanks,
Marcus
