Re: Secure OS Thoughts
dsr_at_Florence.edu
Date: 08/30/03
- Next message: the cryptic: "implementing Pollards lambda"
- Previous message: Michael Amling: "Re: Crypto Mini-FAQ"
- In reply to: Martin Bealby: "Secure OS Thoughts"
- Next in thread: Anne & Lynn Wheeler: "Re: Secure OS Thoughts"
- Reply: Anne & Lynn Wheeler: "Re: Secure OS Thoughts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Aug 2003 02:53:09 GMT
On 29 Aug 2003 14:51:35 -0700, mbealby@myrealbox.com (Martin Bealby) wrote:
>I have been reading a large amount about cryptography recently, and a
>couple of things that appear again and again are the idea that you
>cannot build a secure system upon an insecure one, and that a system
>must be designed with security in mind from the outset. This set me
>thinking: why has nobody created a secure operating system? Now, I am
>not naive enough to think that any computer program can be 100%
>secure, but I imagine a large percentage of them did not have security
>as their number one goal. So I started thinking about this, and what
>the operating system would have to include. Below are the ideas I came
>up with:
>
>Objective:
>
> * To create a secure operating system suitable for use in highly
>security conscious environments, with minimal risk of unauthorised
>access. Security is paramount; above all the system should be secure,
>even if this means a sacrifice in speed.
>[To quote Schneier: "We already have enough fast, insecure systems. We
>don't need another one."]
>
>Needed capabilities:
>
> * Forced write to disk, not just to buffers. [Possibly not available
>due to on disk caches?]
> * Assignment of secure memory when requested, that only that process
>can access and that will not by any means be written to a swap file.
>Possibly wiped when not needed anymore?
> * Secure file deletion from disks. [Links with point one.]
> * Minimal exploits due to broken code (buffer overflows etc) [Use of
>checking memory copy functions, random stack locations etc.]
> * Access control to devices.
> * Built-in correct implementations of encryption algorithms and key
>management protocols?
> * Logs of usage of devices, files, etc.
> * Encrypted filesystems?
> * Forced clearance of memory caches. [Is this possible?]
> * Cryptographically secure random number generator.
> * Open source so even the *most* paranoid people can read it.
>
>These are the ideas that I came up with. I know that users are not
>bothered by security (usually), but I envisioned this operating system
>to be run in high security environments, not on somebody's desktop.
>However, users will be users, so safeguards against common user side
>security flaws should also be reduced (password checking, hashing
>etc.).
>
>I was just wondering if anyone else had any ideas on this topic. It is
>basically a list of security features that a paranoid person would
>want in an operating system, hence I'm posting it to sci.crypt :P
>
>Cheers,
>Martin
You could use Google to search for terms such as "red black", emission
security, etc.; pretty much SOP for sensitive installations.
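One of the quoted wishlist items, memory for secrets that is never written to swap and is wiped when no longer needed, is something a userland program can already ask a POSIX kernel for. The following is an added illustration, not code from anyone in this thread; it assumes mlock()/munlock() are available, uses the Linux-only MADV_DONTDUMP flag only if the headers define it, and the function names are my own:

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Allocate page-aligned memory for secret material and pin it in RAM with
 * mlock(), so the kernel will not write these pages to swap.  On Linux the
 * pages are also excluded from core dumps.  Returns NULL if any step fails:
 * memory that cannot be pinned is never handed out as "secure". */
void *secure_alloc(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t rounded = (len + page - 1) / page * page;   /* whole pages */
    void *p = NULL;
    if (posix_memalign(&p, page, rounded) != 0)
        return NULL;
    if (mlock(p, rounded) != 0) {            /* RLIMIT_MEMLOCK may forbid */
        free(p);
        return NULL;
    }
#ifdef MADV_DONTDUMP
    madvise(p, rounded, MADV_DONTDUMP);      /* best effort, Linux only */
#endif
    memset(p, 0, rounded);
    return p;
}

/* Overwrite len bytes through a volatile pointer so the compiler cannot
 * drop the store as "dead" (a plain memset() right before free() often is).
 * Returns the number of bytes that still differ from zero, normally 0. */
size_t secure_wipe(void *p, size_t len)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    size_t left = 0;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    for (size_t i = 0; i < len; i++)
        left += (v[i] != 0);
    return left;
}

/* Wipe, unpin and release memory obtained from secure_alloc(). */
void secure_free(void *p, size_t len)
{
    if (p == NULL)
        return;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t rounded = (len + page - 1) / page * page;
    secure_wipe(p, rounded);
    munlock(p, rounded);
    free(p);
}
```

Pinning only covers the process's own pages: hibernation images, hardware disk caches and the "forced write to disk" point in the list are outside what mlock() controls.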