I was thinking about Michael Dexter's BSD presentation last night. One of my concerns about software is the insertion of logic bombs.
While open source code is decently reviewed by many eyes, the review process is unlikely to catch intentional malware whose behavior is scattered through many interacting modules. A line of code here, a regexp there. It would be difficult to make all that add up to an exploit, but not impossible. So, I assume that well funded agencies with enough brainpower (US National Security Agency, Chinese People's Liberation Army, Iranian Sepāh) can, and have, inserted logic bombs in my Linux systems through seemingly innocent contributions to open source software. The insertion process would have to be continuous, and uncertain, as patches introduced by others might deactivate parts of the behavior the logic bombs depend on. An arms race, where one side is trying to hide their manipulations, and the other side is unknowingly defeating the manipulations through the general process of code improvement.

I assume different code trees, like Linux and BSD, do not share enough commonalities for the same subtle exploits to work on both. So if the two operating systems are running side by side, processing the same inputs for the same intended outputs, a third system could monitor the outputs of both and look for differences. This is a very high level abstraction; of course the outputs and their sequence will differ, even if they follow the same overall specification. But if the specifications are specific enough, the differences will be small and predictable, and serious discrepancies detectable. Both systems might have some of the same overall exploits, but the time-to-exploit would likely be different. That should be enough to get attention and trigger intervention. On a less paranoid level, a "two OS plus detector" system might be useful for testing code, or looking for failures in systems needing ultra-high reliability.

Yes, the maintainers of such systems will need big staffs to deal with a lot of false alarms, but their code will become very well tested as the sources of such alarms (bad specs and noncompliant code) are eliminated. While I personally do not have the resources necessary to maintain multiple OSes (production Redhat and dabbling with Ubuntu is all I can manage), those who can support a heterogeneous collection of systems might consider setting up some test systems like this.

So, I'm glad some of us geeks are running BSD! Keeping that knowledge alive and ready to spread will be vitally important in an emergency. If we geeks ever find ourselves defending the region's infrastructure from large scale attack, we may need to rapidly deploy such systems to keep the generators from melting and the gas pipelines from exploding. From what I've read, the US government and military are focused on cyber offense, and the defense of their own systems, not protecting the general population. We are on our own - someday, the people on this list may save Portland.

Keith

--
Keith Lofstrom [email protected] Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
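The "two OS plus detector" idea in the post is essentially a differential monitor: two independent implementations process the same inputs, and a third party compares their outputs, tolerating the small predictable differences (ordering, timing) while flagging the ones the specification forbids. The following Python sketch is an added example written for this page, not code from the original post or from any of the projects it mentions. The log format (`<seq> <request_id> <status> <value> <latency_ms>`), the status vocabulary, the latency tolerance, and the sample log lines are all assumptions constructed for the illustration.

```python
# Added example: a differential output monitor for two independent systems.
# Not part of the original post; the log format, field names and sample data
# below are constructed for illustration only.
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One processed request as reported by a system under test."""
    request_id: str
    status: str        # e.g. OK / DENY (assumed vocabulary)
    value: str         # the result the spec requires to be identical
    latency_ms: float  # allowed to differ within a tolerance


def parse_line(line: str) -> Record:
    """Parse '<seq> <request_id> <status> <value> <latency_ms>' (assumed format).

    The sequence number is deliberately dropped: the two systems are expected
    to emit the same results in a different order, and that is not an alarm.
    """
    _seq, request_id, status, value, latency = line.split()
    return Record(request_id, status, value, float(latency))


def parse_stream(text: str) -> dict[str, Record]:
    """Index one system's output by request id; a repeated id is itself an anomaly."""
    records: dict[str, Record] = {}
    for line in text.strip().splitlines():
        rec = parse_line(line)
        if rec.request_id in records:
            raise ValueError(f"duplicate request id {rec.request_id}")
        records[rec.request_id] = rec
    return records


def compare(a: dict[str, Record], b: dict[str, Record],
            latency_tolerance_ms: float = 50.0) -> list[tuple[str, str, str]]:
    """Return (request_id, kind, detail) for every discrepancy between A and B.

    'missing', 'status' and 'value' findings are specification violations that
    warrant intervention. 'latency' is the small, predictable kind of
    difference; it is reported only once it exceeds the tolerance.
    """
    findings: list[tuple[str, str, str]] = []
    for rid in sorted(a.keys() | b.keys()):
        ra, rb = a.get(rid), b.get(rid)
        if ra is None or rb is None:
            findings.append((rid, "missing", "A" if ra is None else "B"))
            continue
        if ra.status != rb.status:
            findings.append((rid, "status", f"A={ra.status} B={rb.status}"))
        if ra.value != rb.value:
            findings.append((rid, "value", f"A={ra.value} B={rb.value}"))
        if abs(ra.latency_ms - rb.latency_ms) > latency_tolerance_ms:
            findings.append((rid, "latency", f"A={ra.latency_ms} B={rb.latency_ms}"))
    return findings


# Constructed sample output: systems A and B were fed the same four requests.
# B emitted them in a different order (allowed), returned a different value
# for r3 (not allowed), and never reported r4 at all.
SYSTEM_A_LOG = """
1 r1 OK 7f3a 12
2 r2 DENY - 9
3 r3 OK 51c0 15
4 r4 OK 0a0a 11
"""
SYSTEM_B_LOG = """
1 r2 DENY - 14
2 r1 OK 7f3a 20
3 r3 OK 9999 13
"""


def detect_sample() -> list[tuple[str, str, str]]:
    """Run the monitor over the constructed logs."""
    return compare(parse_stream(SYSTEM_A_LOG), parse_stream(SYSTEM_B_LOG))


if __name__ == "__main__":
    for rid, kind, detail in detect_sample():
        print(f"{rid}: {kind} discrepancy ({detail})")
```

Keying on a request identifier rather than on position is what lets the comparator ignore the reordering the post anticipates; the tolerance on latency is the knob that trades false alarms against sensitivity, which is where the "big staffs" of the post would spend their time tightening the specification.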
