Proposal: Python Trusted Computing API
Hi,

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group (TCG)[3]. So, basically the group came up with these chips called TPM chips which are present on most motherboards nowadays. The main purpose of it is to enhance security so that infected executables don't run. It also provides memory curtaining such that cryptographic keys won't be accessible and many other features. There was a criticism on this from the FOSS community as well that it enables DRM. No wonder, it is being pushed by Intel, Microsoft, AMD, etc. But personally I think it's a good idea from a security point of view.

So, currently there is a TSS (TCG Software Stack)[1] API written in C. And TrustedJava[2] is a project which ported it to Java and is going to be included in the standard API of Java soon. They have 2 versions of it. One is a simple wrapper on top of the API and the other is a whole implementation of the stack in Java.

My proposal is we create an API for it in Python.

*Reason*: I am a developer in Umit and I think Python is a very good platform for developing applications. So, why not create an API which helps in developing secure applications?

I would love to learn more and provide you with any more information. Please let me know what you guys think of it?

Thanks in advance

Cheers
Abhiram

[1] http://www.trustedcomputinggroup.org/resources/tcg_software_stack_tss_specif...
[2] http://trustedjava.sourceforge.net/index.php?item=jtss/about
[3] http://www.trustedcomputinggroup.org/
On Sun, Oct 18, 2009 at 11:29 PM, Abhiram Kasina
Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group (TCG)[3]. So, basically the group came up with these chips called TPM chips which are present on most motherboards nowadays. The main purpose of it is to enhance security so that infected executables don't run. It also provides memory curtaining such that cryptographic keys won't be accessible and many other features. There was a criticism on this from the FOSS community as well that it enables DRM. No wonder, it is being pushed by Intel, Microsoft, AMD, etc. But personally I think it's a good idea from a security point of view.
Hm... Given that most infections these days are JavaScript based and run in the browser, how does this provide any protection? I'm presuming you're going to say that it doesn't but that there are other use cases where it *does* provide protection; but most likely those use cases are only relevant for Windows (since that's what most attackers attack anyway).
So, currently there is a TSS (TCG Software Stack)[1] API written in C. And TrustedJava[2] is a project which ported it to Java and is going to be included in the standard API of Java soon. They have 2 versions of it. One is a simple wrapper on top of the API and the other is a whole implementation of the stack in Java.
Since this interfaces with the hardware, doesn't it require some kind of cooperation from the Linux kernel? And wouldn't it be better if Python was never allowed access to any of the protected resources in the first place?
My proposal is we create an API for it in Python. Reason: I am a developer in Umit
Where/what is Umit? (Google gives several meanings but it's unclear which you might mean.)
and I think Python is a very good platform for developing applications. So, why not create an API which helps in developing secure applications?
You'd first have to tell us more about the security model. What is a "secure application" and what does it protect against? And how?
I would love to learn more and provide you with any more information. Please let me know what you guys think of it?
This is better directed at python-ideas, so I've redirected this reply there and Bcc'ed the python-dev list.
Thanks in advance
Cheers Abhiram
[1] http://www.trustedcomputinggroup.org/resources/tcg_software_stack_tss_specif...
[2] http://trustedjava.sourceforge.net/index.php?item=jtss/about
[3] http://www.trustedcomputinggroup.org/
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
Abhiram Kasina wrote:
I would love to learn more and provide you with any more information. Please let me know what you guys think of it?
This is really an off-topic question for python-dev. This list is just about developing the core interpreter and standard library - we have no control over the APIs that people choose to develop and publish on top of that.

If you want to develop such an API and put it up on PyPI, then go right ahead. comp.lang.python (aka python-list) would be the place to ask for interest from other developers.

Regards,
Nick.

--
Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia
participants (3): Abhiram Kasina, Guido van Rossum, Nick Coghlan