Re: Secure OS Thoughts
From: flip (flip_alpha_at_safebunch.com)
Date: 08/30/03
- Next message: Michael Amling: "Re: Crypto Mini-FAQ"
- Previous message: Michael Brown: "Re: Small streamcipher MiniTrixor 48-bit"
- In reply to: Martin Bealby: "Secure OS Thoughts"
- Next in thread: dsr_at_Florence.edu: "Re: Secure OS Thoughts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Aug 2003 19:25:20 -0700
"Martin Bealby" <mbealby@myrealbox.com> wrote in message
news:def941c6.0308291351.6a54f177@posting.google.com...
> I have been reading a large amount about cryptography recently, and a
> couple of things that appear again and again is the idea that you
> cannot build a secure system upon an insecure one, and that a system
> must be designed with security in mind from the outset. This set me
> thinking, why has nobody created a secure operating system. Now, I am
> not naive enough to think that any computer program can be 100%
> secure, but I imagine a large percentage of them did not have security
> as their number one goal. So I started thinking about this, and what
> the operating system would have to include. Below are the ideas I came
> up with:
>
> Objective:
>
> * To create a secure operating system suitable for use in highly
> security conscious environments, with minimal risk of unauthorised
> access. Security is paramount, above all the system should be secure,
> even if this means a sacrifice in speed.
> [To quote Schneier: "We already have enough fast, insecure systems. We
> don't need another one."]
>
> Needed capabilities:
>
> * Forced write to disk, not just to buffers. [Possibly not available
> due to on disk caches?]
> * Assignment of secure memory when requested, that only that process
> can access and that will not by any means be written to a swap file.
> Possibly wiped when not needed anymore?
> * Secure file deletion from disks. [Links with point one.]
> * Minimal exploits due to broken code (buffer overflows etc) [Use of
> checking memory copy functions, random stack locations etc.]
> * Access control to devices.
> * Built-in correct implementations of encryption algorithms and key
> management protocols?
> * Logs of usage of devices, files, etc.
> * Encrypted filesystems?
> * Forced clearance of memory caches. [Is this possible?]
> * Cryptographically secure random number generator.
> * Open source so even the *most* paranoid people can read it.
>
> These are the ideas that I came up with, I know that users are not
> bothered by security (usually), but I envisioned this operating system
> to be run in high security environments, not on somebody's desktop.
> However, users will be users, so safeguards against common user side
> security flaws should also be reduced (Password checking, hashing
> etc.).
>
> I was just wondering if anyone else had any ideas on this topic. It is
> basically a list of security features that a paranoid person would
> want in an operating system, hence I'm posting it to sci.crypt :P
>
> Cheers,
> Martin
Maybe you can look at the:
Secure Operating System Consortium (http://www.stosdarwin.org/)
Also, there is a term called multi-level secure (MLS) OS. For example, look
at the Integrity Kernel by Green Hills.
HTH
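Two of the capabilities on Martin's list (memory that never reaches the swap file and is wiped when no longer needed, and a write that is forced past the OS buffers) already have POSIX building blocks. The following is an added example written for this archive page, not code from either poster or from any of the projects mentioned: it locks a page-aligned buffer with mlock, excludes it from core dumps where the platform supports MADV_DONTDUMP, wipes it through a volatile pointer before unmapping, and writes a small record with fsync on both the file and its directory. All names and the sample data are constructed for the example.

```c
/* Added example: a locked, wiped secret buffer plus a forced-to-disk write. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

typedef struct {
    unsigned char *data;
    size_t len;    /* bytes usable by the caller */
    size_t alloc;  /* bytes actually mapped (rounded up to a page) */
    int locked;    /* 1 if mlock succeeded, so the pages cannot be swapped */
} secure_buf_t;

/* Returns 0 on success, 1 if memory was mapped but mlock failed (for example
 * because of RLIMIT_MEMLOCK; the caller decides whether to proceed), and -1
 * if no memory could be obtained. */
int secure_buf_init(secure_buf_t *sb, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) page = 4096;
    size_t alloc = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;
    void *p = mmap(NULL, alloc, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    sb->data = p; sb->len = len; sb->alloc = alloc;
    sb->locked = (mlock(p, alloc) == 0);
#ifdef MADV_DONTDUMP
    madvise(p, alloc, MADV_DONTDUMP);  /* Linux: keep the pages out of core dumps */
#endif
    return sb->locked ? 0 : 1;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the stores
 * as "dead writes" just because the memory is released immediately after. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Wipe, unlock and unmap. Returns 0 on success. */
int secure_buf_free(secure_buf_t *sb)
{
    if (!sb->data) return 0;
    secure_wipe(sb->data, sb->alloc);
    if (sb->locked) munlock(sb->data, sb->alloc);
    int rc = munmap(sb->data, sb->alloc);
    sb->data = NULL; sb->len = 0; sb->alloc = 0; sb->locked = 0;
    return rc;
}

/* Returns 1 if every byte of p[0..n) is zero (used to verify a wipe). */
int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Write data to path and push it past the OS page cache: fsync the file, then
 * fsync its directory so the directory entry is durable too. Returns 0 on
 * success, -1 with errno set otherwise. fsync can only reach the drive's own
 * write cache if the drive honours flush commands, which is the caveat in
 * Martin's "[Possibly not available due to on disk caches?]". */
int durable_write(const char *path, const void *data, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    const unsigned char *p = data;
    while (len > 0) {
        ssize_t w = write(fd, p, len);
        if (w < 0) { if (errno == EINTR) continue; close(fd); return -1; }
        p += w; len -= (size_t)w;
    }
    if (fsync(fd) != 0) { close(fd); return -1; }
    if (close(fd) != 0) return -1;
    char tmp[4096];
    snprintf(tmp, sizeof tmp, "%s", path);
    int dfd = open(dirname(tmp), O_RDONLY);
    if (dfd < 0) return -1;
    int rc = fsync(dfd);
    close(dfd);
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    secure_buf_t sb;
    if (secure_buf_init(&sb, 32) < 0) return 1;
    printf("locked in RAM: %s\n", sb.locked ? "yes" : "no (RLIMIT_MEMLOCK?)");
    memcpy(sb.data, "constructed example key material", 32);  /* constructed secret */
    char path[] = "/tmp/secureos-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0) close(fd);
    printf("durable_write: %d\n", durable_write(path, "audit record\n", 13));
    unlink(path);
    return secure_buf_free(&sb) == 0 ? 0 : 1;
}
```

Note what this does not give you: mlock keeps the pages out of swap but not out of a hibernation image or a DMA-capable peripheral, and the wipe only covers the buffer itself, not copies the CPU or a library may have made in registers or temporaries.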