<div dir="ltr"><div class="gmail_quote">2011/6/24 Orna Agmon Ben-Yehuda <span dir="ltr"><<a href="mailto:ladypine@gmail.com">ladypine@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div dir="ltr">Hello all security experts,<br></div></blockquote><div><br></div><div>I'm not a security expert, however you raised my curiosity.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div dir="ltr"><br>I would like to export data from a machine on a business's internal network on a safe media, such that only the files I want exported are on the media.</div></blockquote><div>[snip]</div><div><br></div>
<div>The basic things that I don't understand is, what is the basic thing you can trust.</div><div><br></div><div>Do you have a:</div><div><br></div><div>1) List of files on a computer you know who they are (say you generated their hash when you knew they're OK), and you wish to make sure no other file will sneak?</div>
<div><br></div><div>The basic problem here is, finding a computer you can trust in a hostile environment. Once you have a computer you completely trust - copying only those files in the list is trivial.</div><div><br></div>
<div>2) An oracle (usually the information security officer) who can, given a file, verify it is not secret.</div><div><br></div><div>In that case the basic problem is given a non-secret file, verify that no other information is included with it via stenography.</div>
<div><br></div><div>Or is it some other scenario that I'm missing?</div></div></div>