Separation:
  Physical: users are restricted to separate devices
  Temporal: processes execute one at a time
  Logical: each process has its own sandbox and is restricted in what it can do outside its sandbox
  Cryptographic: an outsider cannot read the data
Memory protection:
  Fence
  Segmentation
  Paging: same as segmentation, but all segments are of a fixed size, so there is no fragmentation
Access control:
  OS has access to all
Next Generation Secure Computing Base:
  Strong process isolation: prevents processes from interfering with each other
  Sealed storage: hashing
  Secure path: mouse, keyboard, monitor
  Attestation: secure authentication of "things" (device, software, services)
    Uses public key cryptography; anonymity is provided by a TTP and zero knowledge
  "A 'Trusted Computer' is a computer that can break my security." (Ross Anderson)