[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] [Paper] Designing secure desktop operating system

To: "'Timo Sirainen'" <tss@xxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] [Paper] Designing secure desktop operating system
From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
Date: Sat, 31 Jul 2004 09:14:25 -0500

Fedora Core 2 from Red Hat is free and includes SELinux. Anyone been using
the test release of FC3?

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Timo Sirainen
Sent: Saturday, July 31, 2004 4:16 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Cc: secureos@xxxxxxxxxxxxx
Subject: [Full-Disclosure] [Paper] Designing secure desktop operating system

[possibly somewhat off-topic here, secureos@xxxxxxxxxxxxx can be used
for discussion about it]

I've written down some ideas how I think it would be possible to
implement easy to use and quite secure graphical user interface and
operating system around it to make it possible. It's available at
http://iki.fi/tss/security/os.html

Currently I'd be very interested about hearing comments why my ideas
simply wouldn't work with certain kind of software or would be just too
much pain. Or some other fundemental technical problem why this could
never work. Or more positively, people who would be willing to
participate in more complete design or implementation.

To avoid too many replies for issues that are either addressed there or
aren't exactly relevant, please don't reply if you're only going to:

 - suggest using SELinux, Java sandboxes or similar (yes, maybe based on
them, that's not the point)
 - say how sandboxing limits usability and it would never be user-
friendly (it could)
 - say how user-friendliness and security are always mutually exclusive
(they're not)
 - say how it's going to be too difficult to users to keep updating
access control lists to run software they want (it's not needed)
 - confuse operating system with kernel (OS is more than just kernel)
 - say how no matter how "secure" you're trying to be, some people will
always bypass it and hurt themselves/others (yes, it's true for home
users)

I've heard all of those too many times already and I think they're all
answered well enough in the paper.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] [Paper] Designing secure desktop operating system
  - From: Timo Sirainen

Prev by Date: Re: [Full-Disclosure] Security Web Site Hosting
Next by Date: [Full-Disclosure] FullDisclosure: CWS removal tools
Previous by thread: [Full-Disclosure] [Paper] Designing secure desktop operating system
Next by thread: [Full-Disclosure] Re: Appliance-based security gateway?
Index(es):
- Date
- Thread