Separation:
 | Physical: users are restricted to separate devices |
 | Temporal: processes execute one at a time |
 | Logical: each process has its own sandbox and is restricted in what it can do outside that sandbox |
 | Cryptographic: an outsider cannot read the data |
Memory protection:
 | Fence |
 | Segmentation |
 | Paging: same as segmentation, but all segments are of a fixed size, so there is no fragmentation |
Access control:
 | OS has access to all |
Next Generation Secure Computing Base:
 | Strong process isolation: prevents processes from interfering with each other |
 | Sealed storage: hashing |
 | Secure path: mouse, keyboard, monitor |
 | Attestation: secure authentication of "things" (device, software, services) |
Uses public key cryptography; anonymity is provided by a TTP and zero knowledge
A "Trusted Computer" is a computer that can break my security. (Ross Anderson)