[OLPC Security] Public release: OLPC Bitfrost security platform specification

Yoshiki Ohshima yoshiki at squeakland.org
Wed Feb 7 05:23:36 EST 2007


  Great write up, Ivan!

  I guess I need some more use cases to understand it further, though.
Specifically, in the context of Etoys VM and Etoys projects (or
perhaps it would be similar to the Python execution engine and Python
code), I couldn't figure out what would be the appropriate default
protection flags.

  For example, Etoys (the current version) has the ability to open the
camera and grab frames out of it.  One would imagine writing an Etoy
program that captures the movement of the sun by automatically taking
a photo every 30 minutes.  And, suppose a teacher writes such a
program and wants it to be executed by his students.  How does this
scenario work with Bitfrost?  (Sorry that my understanding of this is
pretty shallow...)

  Another example in Etoys is a multi-file-type file browser.  It sounds
like one can write a photo browser, but cannot write a photo and
movie browser.  Is this true?  It would be a strict restriction in
Etoys as one often wants to make a project with sound and pictures.

  In section 6, it seems that a user-written Python file can have
these flags as (perhaps) metadata.  I think (of course) the protection
flags of such a file should not be able to lessen the protection
provided by the Python execution engine program, but the execution
engine shouldn't have too strong protection by default to allow some
interesting stuff by children.  (The user seems to "install" such
Python code as a "program", and upon that installation, he seems to
have a chance to modify the protection.  Is this right?)

  It probably comes down to: 1) setting the protection flags of an
"executable document", and 2) transitive protection of an execution
engine and loaded program/document on it.  (If I understand
correctly.)

  Thank you again and sorry for asking these random questions...

-- Yoshiki

