[OLPC Security] A mom's worries

Marcus Leech mleech at nortel.com
Wed Nov 28 23:25:18 EST 2007


alien wrote:
>
> Wow, looks like the antivirus industry is out of business.
>   
I think it's important to recognize that in the absence of provably-correct (and, hopefully, provably secure) software, *any* piece of software that ever connects to the outside world in *any* way could be compromised in some way to achieve "unintended operation".

The question is, to what extent does the underlying operating system reduce the downstream consequences of this?  Historically, operating systems that were designed from the ground up to have strong user-to-user isolation (Multics, the various *nix [BSD, Linux, etc, etc], VMS, and a significant flotilla of others over the last 40 years) have fewer "downstream consequences" to software suffering "unintended consequences".  The problem has been that, until fairly recently, user-friendly desktop software like Windows has been designed with *very poor* user-to-user isolation, because the original design of the operating system was single-user.  No concept of file ownership, policies, permissions, etc, etc.  Over the years Windows has slowly moved away from that model, but it has had to do so in ways that are, at least to the user, backwards-compatible with that early world view.  It is an inevitable emergent property of this design principle that the downstream consequences of leveraging "unintended operation" of software will be greater than in situations where the underlying operating system understood the notion of user-to-user isolation.

The various Unix and Unix-like operating systems have suffered less from virus-type problems not just because those operating systems are less popular, but also because the underlying operating system design makes it less-than-trivial to accomplish.  Are Linux applications *inherently* better written/more-secure than Windows ones?  No, I don't think so.  But the underlying operating system tends to reduce the hazards of careless applications programming.

What the OLPC folks are doing is laying out a roadmap for security that leverages the underlying OS design to reduce the downstream consequences even further.  Is the OLPC invulnerable?  Not a chance!  No computer system written by humans can possibly be "invulnerable".  There *are* a few discrete applications out there that one might regard as "invulnerable", but they're boring, and offer little functionality.  Think embedded firmware that converts touchtone keypresses to actual tones on phone lines, that sort of thing.  The more functional a piece of software is, and the more it communicates with the outside world, the higher the chances that it can be "compromised" in some way.  That's an inevitable fact of life.  It's as inevitable as the Sun rising tomorrow, or politicians lying.

What the BitFrost model will do, eventually, is to establish new benchmarks in "downstream hazard reduction".  But it can never make anything "invulnerable".
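The post above argues that user-to-user isolation (file ownership and permission bits) is what limits the "downstream consequences" of a compromised program. The following is an added example, not code from the original message or from the OLPC/BitFrost project, that makes that point concrete on a Unix-style system: it audits a directory tree for regular files whose "other" permission bits let users other than the owner read or write them, and then strips those bits. The sample tree it builds in a temporary directory, and the file names and modes in it, are constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_other_access(root):
    """Walk `root` and report regular files that users other than the owner
    (the 'other' class of Unix permission bits) could read or write.

    Returns a sorted list of (path relative to root, problem) tuples.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: never follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)  # permission bits only
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
    return sorted(findings)


def harden_other_access(root):
    """Clear every 'other' permission bit on regular files under `root`.

    Returns the number of files whose mode was changed.
    """
    changed = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IRWXO:
                os.chmod(path, mode & ~stat.S_IRWXO)
                changed += 1
    return changed


def build_demo_tree(root):
    """Constructed sample tree (not real data) with deliberately mixed modes."""
    root = Path(root)
    (root / "bin").mkdir(parents=True, exist_ok=True)
    samples = {
        "private.key": 0o600,  # owner only: isolated from other users
        "notes.txt":   0o644,  # any local user can read it
        "shared.log":  0o666,  # any local user can tamper with it
        "bin/tool":    0o755,  # typical executable: world-readable
    }
    for rel, mode in samples.items():
        p = root / rel
        p.write_text("demo\n")
        os.chmod(p, mode)  # chmod after creation so the umask cannot interfere
    return root


def run_demo():
    """Build the sample tree in a temp dir, audit it, harden it, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        before = audit_other_access(tmp)
        changed = harden_other_access(tmp)
        after = audit_other_access(tmp)
    return before, changed, after


if __name__ == "__main__":
    before, changed, after = run_demo()
    for rel, problem in before:
        print(f"{problem:15s} {rel}")
    print(f"hardened {changed} files; remaining findings: {after}")
```

The audit only looks at the "other" class because that is the bit that matters for the isolation argument: a process running as a different, unprivileged user can touch these files no matter how careless the owner's application is. The hardening step is deliberately coarse (it would also strip world-read from the executable in `bin/`), so in practice you would review the audit output rather than apply it blindly.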
