[Cryptography] Complexity as an Asset vs. Liability

Kent Borg kentborg at borg.org
Thu Sep 29 11:10:23 EDT 2016


In an earlier e-mail I wrote: "Complexity isn't seen to be a liability, 
it is seen as an asset." But there are exceptions.

This morning I was reading about Qubes (Linux distribution that makes it 
easy, at the GUI level, to isolate different activities in different Xen 
VMs, including protecting the OS itself).

In their FAQ they brag:

> Our GUI infrastructure introduces only about 2,500 lines of C code 
> (LOC) into the privileged domain (Dom0), which is very little, and 
> thus leaves little space for bugs and potential attacks.

Bragging about how few lines-of-code?!

Yes! Simplicity as a feature.

Reading about why Qubes isn't multiuser, they seem to have suffered 
greatly over establishing system boundaries; there wasn't a way for both 
non-privileged users to control Xen and to protect those non-privileged 
users from each other.

-kb, the Kent who can't help but think their job in building this larger 
secure system would be so much easier if the subsystems they are 
wrangling were designed to have clean (and defined!) system boundaries.
