Stories
Slash Boxes
Comments

SoylentNews is people

posted by girlwhowaspluggedout on Monday March 03 2014, @02:30PM   Printer-friendly
from the god-himself-could-not-sink-this-ship dept.

AnonTechie writes:

"Intel's Reliance Point is a research project with a daunting task - a leak-proof Big Data sharing solution for business collaboration.

The chipmaker, says The MIT Technology Review, 'thinks it has a way to let valuable data be combined and analyzed without endangering anyone's privacy. Its researchers are testing a super-secure data locker where a company could combine its sensitive data with that from another party without either side risking that raw information being seen or stolen.' The system's inner workings are based on a series of security checks, from the BIOS on up:

When the Reliance Point system boots up, a security chip is used to check that the BIOS, the lowest-level software on a computer that starts it up, hasn't been tampered with. The BIOS then makes its own checks before activating the next level of software, which in turn makes its own checks, a chain-like process that continues until the system is fully operational.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by dbot on Monday March 03 2014, @02:40PM

    by dbot (1811) on Monday March 03 2014, @02:40PM (#10049) Journal

    Reliance Point or Palladium [wikipedia.org].

    That which we call a dead horse
    By any other name would smell as sweet;

    This Time: with Big Data. Can't wait for the Cloud version.

    • (Score: 1, Funny) by marcello_dl on Monday March 03 2014, @05:04PM

      by marcello_dl (2685) on Monday March 03 2014, @05:04PM (#10115)

      You forgot to imagine a beowulf cluster of it.

  • (Score: 5, Insightful) by Dunbal on Monday March 03 2014, @02:47PM

    by Dunbal (3515) on Monday March 03 2014, @02:47PM (#10053)

    The problem is the system whereby government (any government) will just ask for the keys to the "locker" and get them. If you have a nice, centralized repository of information, then the government(s) know exactly where to look, exactly who to talk to, and exactly who to threaten. The only possible solution is a decentralized one but even then, we're back to the fundamental flaw in computer security - if your computer can read it then so can mine.

    • (Score: 5, Insightful) by Sir Garlon on Monday March 03 2014, @03:26PM

      by Sir Garlon (1264) on Monday March 03 2014, @03:26PM (#10071)

      Not just the government -- any attacker. If you think about it, a government subpoena is just a (legalized) insider attack. If a sys admin can hand your data over to the Feds, he can hand it to anyone else, too.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  • (Score: 5, Interesting) by VLM on Monday March 03 2014, @02:54PM

    by VLM (445) on Monday March 03 2014, @02:54PM (#10058)

    Luckily, in the history of computing, no one has ever cracked software protected by a hardware dongle.

    Sounds easy enough to virtualize and crack. After all the article claims there will be billions of dollars of motivation, whereas teens used to do that kind of stuff for free just to play Donkey Kong ripoffs. I'm sure there's no one in .ru today who's pissed off at .us and willing to incidentally collect a couple billion bucks, nope, just gonna play xbox and post on 4chan all day I'm sure.

    I bet there are interesting MITM implications.

    The root problem is not only are you going to inevitably get busted for an expensive HIPPA violation, but you also spent huge amounts of money and effort on something that might have produced (intentionally?) inaccurate data for an unknown time after it was powned, and you don't know when that happened. So now you're out huge stacks of cash and have bad data. Awesome destination, better get out of the way of the stampede.

    Also you've got a trust issue in a prisoners dilemma scenario where corporate mgmt is by definition uneducated psychopaths. What could possibly go wrong? I'd assume both companies would feed false information to each other and then broker out what they "learn". This may yet become the most elaborate and complicated random number generation algorithm ever conceived.

    And don't forget you don't need to be utterly powned to have an infosec disaster. Just leak "enough". Target didn't lose every credit card ever used at any store... just enough of them to be an issue. Don't need to leak everything via this system, just "enough".

    Would be nice to see something like HIPPA implemented for financial transactions. Lots of election donation funds standing in the way.

  • (Score: 3, Interesting) by irick on Monday March 03 2014, @04:42PM

    by irick (3441) on Monday March 03 2014, @04:42PM (#10106)

    Just how the dialog has changed with these sort of marketing materials. This recent shift in focus on cryptography and data security seems to be compelling people to spin their products to this point. TFA is definitely put in the context of a big data customer with an already huge database of customer personal information. The focus is on how it can maintain the integrity of their proprietary information and give them an easy way to increase the utility of that asset while conforming to applicable laws.

    It's interesting how these laws are presented in the article. They are a problem that Intel is working to address rather than a set of protections. TFA gives an interesting look at this sort of mentality, at least given my personal inclinations toward personal data privacy. I enjoyed the moment of insight on the other side of the equation.

  • (Score: 3, Interesting) by Boxzy on Monday March 03 2014, @10:19PM

    by Boxzy (742) on Monday March 03 2014, @10:19PM (#10285) Journal

    Anyone else seeing a contradiction in terms? either it's leak-proof, preferably air gapped, or it's Big Data which you can guarantee some government agency or corporation has its claws into.

    --
    Go green, Go Soylent.