On Wed, 7 Feb 2007 15:04:40 -0800 "Saqib Ali" <[EMAIL PROTECTED]> wrote:
> And here is the Wired coverage of the BitFrost platform:
>
> http://www.wired.com/news/technology/0,72669-0.html?tw=wn_culture_1
>
> From the article:
> But it should come as no surprise -- given how thoroughly the project
> has rewritten the conventions of what a laptop should be -- that the
> OLPC's security isn't built on firewalls and anti-virus software.
>
> Instead, the XO will premiere a security system that takes a radical
> approach to computer protection. For starters, it does away with the
> ubiquitous security prompts so familiar to users of Windows and
> anti-virus software, said Ivan Krstic, a young security guru on break
> from Harvard, who's in charge of security for the XO.
>
> "How can you expect a 6-year old to make a sensible decision when
> 40-year olds can't?" Krstic asked, in a session at the 2007 RSA
> Conference. Those boxes simply train users to check "yes," he argued.
>
> Krstic's system, known as the BitFrost platform....Read more at:
> http://www.wired.com/news/technology/0,72669-0.html?tw=wn_culture_1
>

We're digressing to general security topics here, but I'll take a chance that our moderator will allow this through -- I do mention "crypto"...

That firewalls should be omitted is no surprise. A firewall is a device for centralized policy enforcement; it's useful when policy to the "outside" -- whatever that is -- is different than policy for the "inside". If you don't have a well-defined "inside" and "outside", they're not very useful. However, their primary benefit comes from keeping the bad guys away from buggy code. That problem, I predict, will afflict this project as well -- just because a service uses cryptographic authentication doesn't make it immune to bugs, including bugs before the crypto authentication has succeeded. Even if the crypto authentication succeeds, all it means is that some process on the other machine has access to the credentials; it says nothing about whether or not the human in front of that machine wants to connect.

The AV decision is more problematic. While a good security model can prevent system files from being overwritten, most worms use purely user-level abilities. It would take a fairly radical OS design to prevent a user-level worm from spreading. (Thought experiment: explain what OS facilities would have prevented the 1988 Internet worm from succeeding. My conclusion, way back when, that nothing in, say, the Orange Book would have stopped it was a major step in my evolution as a security researcher. It can be done, I suspect, but only by very stringent restrictions on application privileges. Have you designed such restrictions? Now assume it's a dual-mode worm, that attacks web servers and web browsers.)

--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List