2002-07-08
Whether Microsoft's ambitious project is a security solution or a Trojan horse depends much on the company's intentions.
The wrong problem addressed
2002-07-09
L0k1 (1 replies)

the loader verifies the integrity of the kernel image
the kernel verifies the integrity of kernel modules
the kernel verifies the integrity of userland code before execution
However, even this does not protect against compromise of executing userland code (buffer overflows, race conditions, etc.), and if userland code is compromised, it is possible to compromise the kernel (kmem exploitation, etc.). If the kernel is compromised, currently *all* software executing on the system falls victim to potential compromise. Only hardware can reasonably protect the kernel, therefore only hardware can reasonably provide a basis to protect a system against software-based attacks.
Go talk to any good hacker--they will tell you the same thing. Software security controls can always be beat by software if there is no hardware assistance. This stuff is not just about digital rights management and content protection.
Dom
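The verification chain listed in the comment above, and the gap it points out, shown as an added example that is not part of the original comment. The image contents, stage names and the `boot` helper are constructed for illustration; SHA-256 digests stand in for whatever integrity check a real loader would use.

```python
import hashlib


class IntegrityError(Exception):
    """Raised when a stage refuses to load the next one."""


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Constructed sample images standing in for on-disk binaries.
DISK = {
    "kernel": b"kernel-image-v1",
    "module": b"kernel-module-v1",
    "userland": b"userland-binary-v1",
}
# (verifier, target): the loader checks the kernel, the kernel checks the rest.
CHAIN = [("loader", "kernel"), ("kernel", "module"), ("kernel", "userland")]
# Known-good digests each verifier is assumed to hold for its target.
EXPECTED = {name: digest(img) for name, img in DISK.items()}


def boot(disk: dict) -> dict:
    """Load each stage only if its digest matches; return in-memory copies."""
    memory = {}
    for verifier, target in CHAIN:
        if digest(disk[target]) != EXPECTED[target]:
            raise IntegrityError(f"{verifier} rejected {target}")
        memory[target] = bytearray(disk[target])  # mutable, like process memory
    return memory


def tampered_on_disk_is_rejected() -> bool:
    """A modified image on disk fails the load-time check."""
    bad = dict(DISK, module=b"kernel-module-modified")
    try:
        boot(bad)
    except IntegrityError:
        return True
    return False


def runtime_change_goes_unnoticed() -> bool:
    """A change made after loading is never re-checked by the chain."""
    memory = boot(DISK)
    memory["userland"][0:8] = b"XXXXXXXX"  # stands in for runtime corruption
    # No exception was raised, yet the running copy no longer matches.
    return digest(bytes(memory["userland"])) != EXPECTED["userland"]
```

Both functions return `True`: the chain catches the altered image at load time, but says nothing about code that changes once it is executing.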