[Python-Dev] Proposal : Python Trusted Computing API (original) (raw)

Guido van Rossum guido at python.org
Mon Oct 19 21:35:59 CEST 2009

On Sun, Oct 18, 2009 at 11:29 PM, Abhiram Kasina <abhiram.casina at gmail.com> wrote:

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group (TCG)[3]. So, basically the group came up with these chips called TPM chips which are present on most motherboards nowadays. The main purpose of it is to enhance security so that infected executables don't run. It also provides memory curtaining such that cryptographic keys won't be accessible and many other features. There was a criticism on this from the FOSS community as well that it enables DRM. No wonder, it is being pushed by Intel, Microsoft, AMD, etc.. But personally I think its a good idea from security point of view.

Hm... Given that most infections these days are JavaScript based and run in the browser, how does this provide any protection? I'm presuming you're going to say that it doesn't but that there are other use cases where it does provide protection; but most likely those use cases are only relevant for Windows (since that's what most attackers attack anyway).

So, currently there is an TSS (TCG Software Stack)[1] API written in C. And TrustedJava[2] is a project which ported it to Java and is going to be included in the standard API of Java soon. They have 2 versions of it. One is a simple wrapper on top of the API and the other is a whole implementation of the stack in Java.

Since this intefaces with the hardware, doesn't it require some kind of cooperation from the Linux kernel? And wouldn't it be better if Python was never allowed access to any of the protected resources in the first place?

My proposal is we create an API for it in python. Reason: I am a developer in Umit

Where/what is Umit? (Google gives several meanings but it's unclear which you might mean.)

and I think Python is a very good platform for developing applications. So, why not create an API which helps in developing secure applications?

You'd first have to tell us more about the security model. What is a "secure application" and what does it protect against? And how?

I would love to learn more and provide you with any more information. Please let me know what you guys think of it?

This is better directed at python-ideas, so I've redirected this reply there and Bcc'ed the python-dev list.

Thanks in advance

Cheers Abhiram [1] http://www.trustedcomputinggroup.org/resources/tcgsoftwarestacktssspecification [2] http://trustedjava.sourceforge.net/index.php?item=jtss/about [3] http://www.trustedcomputinggroup.org/

Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org

-- --Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the Python-Dev mailing list