[OLPC Security] A mom's worries
Marcus Leech
mleech at nortel.com
Wed Nov 28 23:25:18 EST 2007
alien wrote:
>
> Wow, looks like the antivirus industry is out of business.
>
I think it's important to recognize that in the absence of provably-correct (and, hopefully, provably secure) software, *any* piece of software that ever connects to the outside world in *any* way could be compromised in some way to achieve "unintended operation". The question is, to what extent does the underlying operating system reduce the downstream consequences of this? Historically, operating systems that were designed from the ground up to have strong user-to-user isolation (Multics, the various *nix (BSD, Linux, etc., etc.), VMS, and a significant flotilla of others over the last 40 years) have fewer "downstream consequences" to software suffering "unintended consequences".

The problem has been that, until fairly recently, user-friendly desktop software like Windows has been designed with *very poor* user-to-user isolation, because the original design of the operating system was single-user. No concept of file ownership, policies, permissions, etc., etc. Over the years Windows has slowly moved away from that model, but it has had to do so in ways that are, at least to the user, backwards-compatible with that early world view. It is an inevitable emergent property of this design principle that the downstream consequences of leveraging "unintended operation" of software will be greater than in situations where the underlying operating system understood the notion of user-to-user isolation.

The various Unix and Unix-like operating systems have suffered less from virus-type problems not just because those operating systems are less popular, but also because the underlying operating system design makes it less-than-trivial to accomplish. Are Linux applications *inherently* better written/more-secure than Windows ones? No, I don't think so. But the underlying operating system tends to reduce the hazards of careless applications programming.

What the OLPC folks are doing is laying out a roadmap for security that leverages the underlying OS design to reduce the downstream consequences even further. Is the OLPC invulnerable? Not a chance! No computer system written by humans can possibly be "invulnerable". There *are* a few discrete applications out there that one might regard as "invulnerable", but they're boring, and offer little functionality. Think embedded firmware that converts touchtone keypresses to actual tones on phone lines, that sort of thing. The more functional a piece of software is, and the more it communicates with the outside world, the higher the chances that it can be "compromised" in some way. That's an inevitable fact of life. It's as inevitable as the Sun rising tomorrow, or politicians lying.

What the BitFrost model will do, eventually, is to establish new benchmarks in "downstream hazard reduction". But it can never make anything "invulnerable".