[OLPC Security] "Correlating bitfrost and threats"

[Ivan Krstić]

On Jul 30, 2007, at 2:01 AM, Jameson Chema Quinn wrote:
> A quick "yeah, we've seen it, looks mostly [good/bad/indifferent]"  
> would be fine as a reply

The OLPC security working group, of which Marc is a member, discussed  
this document in some detail at our March summit.

> The installation of applications under Bitfrost should be tweaked  
> so that, in addition to asking the application for a list of  
> requested endowments, the user is asked what kind of application is  
> being installed ("category-based installation").

I rejected this because I don't want the user to _have_ to perform an  
interaction at install-time by default. I'd like to add this feature  
after we ship such that more experienced users can enable it to have  
greater control over their system, but I will not make it mandatory.

> A computer-based training system that makes olpc owners resistant  
> to nigerian hoaxes should be explicitly included in the security  
> specification.

User training isn't part of system security and thus isn't covered by  
Bitfrost, but I'm exploring several different approaches to providing  
some kind of security training on the machine.

> The Bitfrost mechanism for updating firmware should be given a  
> detailed end-to-end security review to ensure attackers cannot  
> breach the system and render olpc computers unrecoverable.

This was already going to be done, and is currently in progress.

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org