One Laptop per Child security
Nicolas Williams
Nicolas.Williams at sun.com
Fri Feb 9 11:40:29 EST 2007
On Fri, Feb 09, 2007 at 01:22:06PM +1000, James A. Donald wrote:
> Nicolas Williams wrote:
> > The text you quote doesn't answer the question; the
> > rest of the wiki frontpage says little more. It tends
> > to make me think that if an application wants to do
> > something that I've not enabled it to do ahead of time
> > then it fails. Failure is incovenient. So as near as
> > I can tell from the text you quote BitFrost sets its
> > convenience/security parameters differently than other
> > OSes, but there's nothing truly Earth shatteringly new
> > there.
>
> There is a great deal that is earth shatteringly new,
> and it is documented - albeit in rather unclear and non
> standard format.
>
> The fundamental difference is that each application is
> run in its own VM, and so *cannot* exercise full user
> powers, whereas with *all* other OSs, if your solitaire
This is a good summary -- the analogy that I asked for.
It doesn't sound so new either though. Labelled OSes and trusted
desktops allow as much. My employer makes this stuff (much, if not all
of it FOSS), and there have been some very impressive blog posts showing
how you can have applications, including browsers, running in different
"VMs," with some VMs VPNed into a private network, and some not.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list