[Cryptography] Simpler programs?

Guido Witmond guido at witmond.nl
Fri Apr 18 03:44:52 EDT 2014


On 04/17/14 20:34, Bill Frantz wrote:
> On 4/17/14 at 5:41 AM, l at odewijk.nl (Lodewijk andré de la porte) wrote:
> 
>> Why is it that these things are always so.. outlandish? I can't use this
>> for a desktop environment.

Genode has a browser in their demo.

Their old (2011) demo downloads a Linux kernel and small userland over
the net and runs it in a protected domain, inside the browser. Of
course, it was as trusted as the network it downloaded from (i.e., not at
all), but it only had access to itself; the OS protected itself and the
other applications against a misbehaving download.

The new releases will contain an ever improving port of VirtualBox,
making compatibility soar.


> Well, the 370 version of KeyKOS could run IBM's CMS, which was a desktop
> environment back when the desktop meant timesharing. Otherwise, desktop
> environments take a lot of development work. There doesn't seem to be a
> market for anything which provides least privilege for desktop
> applications. HP labs has done some excellent work in this area with
> their Polaris system, which runs each Windows application in a separate
> user ID, and CapDesk which runs the file dialog as a secure,
> privilege-granting widget for applications wanting to access files.
> 
> My bottom line is, where's the money?

I do hope that the current climate about spying and lack of security
will change the tide. I guess it will when the banks hold end users
responsible for their systems and *enforce* that. I.e., people need to
lose money before they do something about it... (regrettably).

>> I suppose I'm very defeatist about OS's. A lack of a truly portable
>> application format, thick OS specific API's, etc. cause so much pain in
>> this.
> 
> I'm not sure the Unix model is the correct model, but that's what we
> have in Windows, MacOS, Linux, and Unix. KeyKOS had a Unix emulator. The
> question always came up, "How compatible is it?" When we probed the
> answer seemed to be, "We need bug for bug compatibility."

I'm very sure the Unix model is not the correct model, as hostile code
can run inside a trusted environment.

In Unix the maximum security level (for each user ID) is that of the
lowest security level of all of the programs that that user can run.
Each program has access to everything that is important to the user:
their files.

Polaris [1] had it right for Windows. Too bad it wasn't available in
open source for Linux. Is Polaris still for sale?


Regards, Guido.

1: http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html
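As an added illustration of the CapDesk-style privilege-granting file dialog mentioned above (example code written for this page, not code from the thread, from Genode, or from the HP projects): the trusted side opens the file the user picked and hands the application only an open descriptor, so the application needs no authority over the rest of the user's files. Stripping the child of its remaining ambient authority (a separate user ID, as Polaris does) is assumed to happen outside this snippet.

```python
"""Powerbox pattern on Unix: a trusted parent opens the chosen file and
passes only the descriptor; the child never receives a path."""
import os
import subprocess
import sys
import tempfile

# The confined application (constructed for this example). It is handed a
# descriptor number in argv[1] and reads through it; it has no path to open.
APP_SRC = r'''
import os, sys
fd = int(sys.argv[1])
with os.fdopen(fd, "rb") as f:
    sys.stdout.buffer.write(f.read().upper())
'''


def grant_file(path: str) -> bytes:
    """Act as the privilege-granting widget: open `path` on the user's
    behalf, pass only that descriptor to the child, return its output."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # close_fds=True (the default) means nothing but stdio and `fd`
        # is inherited: this single read-only descriptor is the child's
        # whole grant, not the user's entire home directory.
        proc = subprocess.run(
            [sys.executable, "-c", APP_SRC, str(fd)],
            pass_fds=(fd,),
            capture_output=True,
            check=True,
        )
    finally:
        os.close(fd)
    return proc.stdout


def demo() -> bytes:
    """Create a constructed sample file, grant it, and return the result."""
    with tempfile.NamedTemporaryFile("wb", delete=False) as tmp:
        tmp.write(b"user's private note")  # constructed sample content
        name = tmp.name
    try:
        return grant_file(name)
    finally:
        os.unlink(name)


if __name__ == "__main__":
    print(demo())
```

The descriptor carries the authority with it, which is the core of the capability view of files that CapDesk builds its dialog around; the same idea does not stop the child from opening other paths unless it is otherwise confined.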
