Secure OS Thoughts
From: Martin Bealby (mbealby_at_myrealbox.com)
Date: 08/29/03
- Next message: Brian Gladman: "Re: Factoring program"
- Previous message: David Wagner: "Re: Crypto Mini-FAQ"
- Next in thread: Alex Flanagan: "Re: Secure OS Thoughts"
- Reply: Alex Flanagan: "Re: Secure OS Thoughts"
- Reply: Anne & Lynn Wheeler: "Re: Secure OS Thoughts"
- Reply: flip: "Re: Secure OS Thoughts"
- Reply: dsr_at_Florence.edu: "Re: Secure OS Thoughts"
- Reply: Douglas A. Gwyn: "Re: Secure OS Thoughts"
- Maybe reply: Jan Panteltje: "Re: Secure OS Thoughts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Aug 2003 14:51:35 -0700
I have been reading a large amount about cryptography recently, and a
couple of things that appear again and again are the ideas that you
cannot build a secure system upon an insecure one, and that a system
must be designed with security in mind from the outset. This set me
thinking: why has nobody created a secure operating system? Now, I am
not naive enough to think that any computer program can be 100%
secure, but I imagine a large percentage of them did not have security
as their number one goal. So I started thinking about this, and what
the operating system would have to include. Below are the ideas I came
up with:
Objective:
* To create a secure operating system suitable for use in highly
security conscious environments, with minimal risk of unauthorised
access. Security is paramount: above all, the system should be secure,
even if this means a sacrifice in speed.
[To quote Schneier: "We already have enough fast, insecure systems. We
don't need another one."]
Needed capabilities:
* Forced write to disk, not just to buffers. [Possibly not available
due to on disk caches?]
* Assignment of secure memory when requested, that only that process
can access and that will not by any means be written to a swap file.
Possibly wiped when not needed anymore?
* Secure file deletion from disks. [Links with point one.]
* Minimal exploits due to broken code (buffer overflows etc) [Use of
checking memory copy functions, random stack locations etc.]
* Access control to devices.
* Built-in correct implementations of encryption algorithms and key
management protocols?
* Logs of usage of devices, files, etc.
* Encrypted filesystems?
* Forced clearance of memory caches. [Is this possible?]
* Cryptographically secure random number generator.
* Open source so even the *most* paranoid people can read it.
These are the ideas that I came up with. I know that users are not
bothered by security (usually), but I envisioned this operating system
to be run in high security environments, not on somebody's desktop.
However, users will be users, so safeguards against common user side
security flaws should also be reduced (password checking, hashing,
etc.).
I was just wondering if anyone else had any ideas on this topic. It is
basically a list of security features that a paranoid person would
want in an operating system, hence I'm posting it to sci.crypt :P
Cheers,
Martin
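Three of the items on the list above (memory that cannot be swapped out and is wiped when released, a write forced to disk rather than left in the buffer cache, and a cryptographically secure random number generator) already have a process-level interface on POSIX systems. The following is an added example written for this page, not code from the post or its author; it assumes a Linux/BSD-style system with mmap/mlock, fsync and /dev/urandom, and the function names and the /tmp path are this example's own choices.

```c
/* Added example, not from the original post: how a process on a POSIX system
 * asks the OS for three of the capabilities listed above. Function names and
 * the /tmp path are this example's own choices. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* MAP_ANONYMOUS and mlock() on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Memory the kernel is asked not to page out. 'locked' records whether
 * mlock() succeeded (it fails under RLIMIT_MEMLOCK), so a caller can refuse
 * to store a key in swappable memory instead of silently accepting it. */
struct secure_buf { unsigned char *p; size_t len; int locked; };

/* Zeroing the compiler cannot optimise away (writes go through a volatile
 * pointer); the same idea as explicit_bzero()/memset_s(). */
void secure_wipe(void *v, size_t n) {
    volatile unsigned char *p = v;
    while (n--) *p++ = 0;
}

int secure_alloc(struct secure_buf *b, size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    b->p = p; b->len = len;
    b->locked = (mlock(p, len) == 0);       /* best effort, see above */
    return 0;
}

void secure_free(struct secure_buf *b) {
    if (!b->p) return;
    secure_wipe(b->p, b->len);              /* wipe before returning pages */
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

/* Write len bytes to path and force them to stable storage: fsync() the file,
 * then its directory, so data and directory entry both survive a crash. The
 * drive's own write cache stays outside the OS's control, as the post notes.
 * Returns 0 on success. */
int durable_write(const char *path, const void *buf, size_t len) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    const unsigned char *p = buf;
    while (len) {
        ssize_t n = write(fd, p, len);
        if (n < 0) { close(fd); return -1; }
        p += n; len -= (size_t)n;
    }
    int rc = fsync(fd);
    close(fd);
    if (rc != 0) return -1;
    char dir[4096];                          /* containing directory of path */
    const char *slash = strrchr(path, '/');
    size_t dlen = slash ? (size_t)(slash - path) : 0;
    if (dlen >= sizeof dir) return -1;
    if (dlen == 0) strcpy(dir, slash ? "/" : ".");
    else { memcpy(dir, path, dlen); dir[dlen] = '\0'; }
    int dfd = open(dir, O_RDONLY);
    if (dfd < 0) return -1;
    rc = fsync(dfd);
    close(dfd);
    return rc == 0 ? 0 : -1;
}

/* Fill buf from the kernel CSPRNG via /dev/urandom (portable, unlike
 * getrandom(2)). Returns 0 on success. */
int fill_random(void *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    unsigned char *p = buf;
    while (len) {
        ssize_t n = read(fd, p, len);
        if (n <= 0) { close(fd); return -1; }
        p += n; len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* 1 if every byte of buf is zero; used to confirm a wipe took effect. */
int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    while (n--) acc |= *p++;
    return acc == 0;
}

int main(void) {
    struct secure_buf key;
    if (secure_alloc(&key, 32) != 0) return 1;
    printf("key locked out of swap: %s\n", key.locked ? "yes" : "no (RLIMIT_MEMLOCK?)");
    if (fill_random(key.p, key.len) != 0) return 1;
    /* ... the key would be used here ... */
    const char line[] = "key generated\n";   /* constructed audit record */
    if (durable_write("/tmp/secure_os_demo.log", line, sizeof line - 1) != 0) return 1;
    secure_free(&key);
    return 0;
}
```

Note what the OS can and cannot promise here: mlock() keeps the pages out of swap but not out of a hibernation image or a cold-boot dump, fsync() reaches the drive's cache and not necessarily its platters, and secure_wipe() clears this copy only, not any copies the kernel or a library made along the way. The post's "possibly not available" and "is this possible?" caveats are exactly the gaps these calls leave open.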