[tahoe-dev] Secure OS for running Tahoe?

Simon Forman forman.simon at gmail.com
Fri Feb 22 21:04:09 UTC 2013


On 2/22/13, Patrick R McDonald <marlowe at antagonism.org> wrote:
> On Fri, Feb 22, 2013 at 09:23:11AM -0800, Simon Forman wrote:
>> Hey all,
>>
>> Forgive me if this is the wrong place to ask this or if it's terribly
>> naive, but could I get some recommendations for secure OSs to run
>> Tahoe on?  I know there's OpenBSD, are they still near the top of the
>> heap?  What about OKL4?
>>
>> I'm a programmer, but a total neophyte when it comes to security et
>> al., I know just enough to know how little I know.
>
> Simon,
>
> This is the right place to ask and don't worry about sounding naive.

Right on, thank you Patrick. :)

> An upfront disclaimer, I am a security consultant by trade and this type
> of thread is one I really like to discuss.  So forgive my long
> windedness and thank you.

Not a problem, I like reading, and you're welcome.

> Your question however is a little hard to answer in that the definition
> of secure differs from person to person and implementation to
> implementation.  To better answer your question, you need to come up
> with a threat model.  A threat model defines what you are trying to
> protect, from whom, what resources the bad guys have and are willing to
> use to get what you want.  For example, your threat model might not
> include aliens as the bad guys, but mine does as they are amongst us ;)
> Hopefully that bit of humor, made it clear that what is secure for me,
> might not be secure for you.  Once you have defined your threat model,
> you can find a system which meets or hopefully exceeds your threat
> model.
>
> Threat model discussions aside, use an OS with which you are
> comfortable.  While system X may be more "secure", it won't make a lick
> of difference if you don't understand how to use it or its security
> features. Think of Windows' early implementations of User Access Control
> (UAC).  Users simply checked yes because they didn't understand what the
> box was asking, possibly putting their system in danger.
>
> If you aren't comfortable asking OS implementation questions on the
> list, please feel free to contact me directly.  Also don't worry about
> sounding as if you are in over your head.  I am actually the same way
> when it comes to programming.  We all have to start somewhere.
>
> Cheers,
> Patrick
>


Hmm, well, I can rule out omniscient entities, by definition. Whether
aliens are omniscient or not is something of an open question.

I've long used the concept of a "time camera" as a kind of thought
experiment to think about these sorts of things. That would be a
machine that lets the operator see anywhere and any-when in the past;
several sci-fi authors have written stories involving them.  We could
also postulate a machine that scans the signals put off by the brain
and reconstructs the contents of one's thoughts somehow.

Attackers with either of those are pretty much out of my league. :)

I've been staring at the screen for a couple of minutes now and I
think the best I can do is "insufficient data"...  :(

I don't expect to foil the pros, but I would like something that
isn't donating free CPU time to the first script-kiddie to digitally
wander by.

I have two use cases in mind:

First, I'm helping a neuroscience lab construct a simple web app to
accept and visualize information from users' apps (brain games.)  I'd
like to use Tahoe via LeastAuthority.com if I can sell them on it, but
if they want to host the storage themselves I'd like to be able to
tell them something sensible (and more informed than "I get good
mileage out of <commodity OS>...".)

Second, I have an educational, uh, thing, I'm putting together.  I
want a secure OS to run it on, but the pedagogical suitability of the
OS is more important than any particular strength.  "More secure than
Windows" or some other near-meaningless phrase that will make sense to
normal people learning this stuff.  That's why I'm looking at the L4
family; they seem simple enough.


The first case seems pretty well covered, but every time I go
searching for small-ish secure operating systems I seem to find more.

Thanks again for your help and encouragement,
~Simon
-- 
http://twitter.com/SimonForman
My blog: http://firequery.blogspot.com/
Also my blog: http://calroc.blogspot.com/



"The history of mankind for the last four centuries is rather like that of
an imprisoned sleeper, stirring clumsily and uneasily while the prison that
restrains and shelters him catches fire, not waking but incorporating the
crackling and warmth of the fire with ancient and incongruous dreams, than
like that of a man consciously awake to danger and opportunity."  --H. G.
Wells, "A Short History of the World"

