[Cryptography] Complexity as an Asset vs. Liability
Kent Borg
kentborg at borg.org
Thu Sep 29 11:10:23 EDT 2016
In an earlier e-mail I wrote: "Complexity isn't seen to be a liability,
it is seen as an asset." But there are exceptions.

This morning I was reading about Qubes (Linux distribution that makes it
easy, at the GUI level, to isolate different activities in different Xen
VMs, including protecting the OS itself).

In their FAQ they brag:

> Our GUI infrastructure introduces only about 2,500 lines of C code
> (LOC) into the privileged domain (Dom0), which is very little, and
> thus leaves little space for bugs and potential attacks.

Bragging about how few lines-of-code?!

Yes! Simplicity as a feature.

Reading about why Qubes isn't multiuser, they seem to have suffered
greatly over establishing system boundaries; there wasn't a way for both
non-privileged users to control Xen and to protect those non-privileged
users from each other.

-kb, the Kent who can't help but think their job in building this larger
secure system would be so much easier if the subsystems they are
wrangling were designed to have clean (and defined!) system boundaries.