Complete the Case Study questions from Wright and Kakalik. In your words briefly answer the following questions. Each answer should be at least one paragraph.
IBM Case Study Questions
1. Why is it essential to have a hardware security foundation?
2. Identify at least five attacks that cannot be defended with software.
3. Why are open standards important in security?
4. Why would IBM be an advocate for open standards? Why would it change its proprietary ESS 1.0 chip, which it had already sold in some of its PL300 desktops and T23 ThinkPad notebooks, and which it had paid a Common Criteria Testing Laboratory to evaluate, so that it was available as open source?
5. What does trusted platform computing mean?
6. What is the trusted platform module?
7. Describe the major differences between ESS 1.0 and ESS 2.0.
8. How can the trusted boot functions prevent the unauthorized modification of the operating system?
9. What is the purpose of the endorsement key? The storage root key? The owner authorization secret key?
10. Explain how the ESS 2.0 chip can protect the owner's data from external attack, but it cannot protect that data from attack by the owner.
Reference:
Wright, M. & Kakalik, J. (2007). Information security: Contemporary cases: Boston, MA: Jones and Bartlett Publishers.