Microsoft Trusted Stack: Hardware and O/S

In fact like data, trust in the operating system and hardware devices could easily be achieved but there would be an implication to the user.

Trust in O/S

The more lines of code in the O/S the larger the attack surface. Every patch and update adds more lines of code. The more features that come with an operating system the greater the attack surface. Now it is possible for the O/S vendors to strip out everything from an O/S and thus substantially reduce the attack surface but what do you want?

An O/S without media players, internet browsers, fast search capabilities for large hard disks? Complete trust in an O/S is actually easy to achieve but a significant cost to the user would include lack of features, greater configurability, and implications if these features are requested.

Making the O/S proprietary or having every component digitally signed in order to create greater trust in an O/S has implications in terms of development and cost which unfortunately can only once again be borne by the user.

Trust in Hardware

Without going into huge detail – listen to the Ivan Krstić Podcast here. At present areas of organised crime have appropriated high level hardware with a view to finding methods of embedding malware and other detrimental programs into our system chipsets, whether they be motherboard, routers or intelligent switches. According to one conference speaker, organised crime has even been known to purchase systems, upload their code into those systems and then sell them on either at cost or a greatly reduced price.