[Cryptography] Open Source Sandboxes to Enforce Security on Proprietary Code?

Tom Mitchell mitch at niftyegg.com
Fri Aug 22 16:43:34 EDT 2014


On Fri, Aug 15, 2014 at 6:42 AM, Kent Borg <kentborg at borg.org> wrote:

> Designing in end-to-end encryption is a good idea, but just because there
> is a claim that some product employs end-to-end encryption, why should any
> customer believe it?

.....


> Are there other Usual Suspects in this space?
>

There are some interesting chroot environments worth a look.
Start with the chroot bind package.

chroot combined with SELinux has the potential of being as close
to the isolation of a virtual machine hosted OS as possible.
Also emulation VMs kin to those used to develop Android applications
might be worthy. Emulating an ARM bug on an X86_64 CPU
slams the door on a lot of abuses.

Storage for tricks like this was once expensive enough to
push system admins away from the duplication of bits
but the host OS might constantly monitor all the files
used in a chroot world.

Testing a functional black box like mail or bind might
be simplified as the service protocols are bounded and
perhaps well understood. The service specification limits
input, output, storage...

Some services like bind might well live on small inexpensive
machines like a Raspberry-Pi, same for honeypot and
VPN link functions.




-- 
  T o m    M i t c h e l l
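
Added example, not part of the original message: one way the host OS could monitor the files of a chroot tree, by fingerprinting it from outside and reporting drift against a baseline. The function names (`snapshot`, `drift`, `demo`) and the BIND-style directory tree are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(chroot_root):
    """Fingerprint every path under chroot_root from the host, never following symlinks."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(chroot_root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, chroot_root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                # Keep the link text only. Inside the chroot "/etc/x" means
                # <root>/etc/x; followed from the host it would hit the host's file.
                manifest[rel] = ("link", os.readlink(full))
            elif stat.S_ISREG(st.st_mode):
                # O_NOFOLLOW: fail rather than follow if the file was swapped for a link.
                fd = os.open(full, os.O_RDONLY | os.O_NOFOLLOW)
                with os.fdopen(fd, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
                manifest[rel] = ("file", stat.S_IMODE(st.st_mode), digest)
            elif stat.S_ISDIR(st.st_mode):
                manifest[rel] = ("dir", stat.S_IMODE(st.st_mode))
            else:
                manifest[rel] = ("special", stat.S_IFMT(st.st_mode))
    return manifest

def drift(baseline, current):
    """Paths added, removed, or changed since the baseline snapshot."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed BIND-style chroot tree: snapshot, alter two things, report drift."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "var", "named"))
        conf = os.path.join(root, "etc", "named.conf")
        with open(conf, "w") as f:
            f.write('options { directory "/var/named"; };\n')
        os.symlink("/etc/named.conf", os.path.join(root, "var", "named", "conf"))
        baseline = snapshot(root)
        with open(conf, "a") as f:
            f.write('include "/tmp/extra.conf";\n')
        with open(os.path.join(root, "var", "named", "dropped.bin"), "wb") as f:
            f.write(b"\x00")
        return baseline, drift(baseline, snapshot(root))
```

The baseline manifest has to be stored outside the chroot tree, where the confined service cannot rewrite it.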