Red Pill/Blue Pill

As I have mentioned before, Abe Singer and I wrote a paper on giving up on general-purpose operating system security, and instead performing all your security-important online operations from a separate device.

Anyway, we presented this at NSPW, and based on feedback we got there, we’ve now revised (actually, rewritten) “Take the Red Pill and the Blue Pill”.

  1. Re: “It is our view that it is infeasible to secure an operating system sufficiently to counter this threat without also making it quite unpleasant to use: it will be inflexible and the user interface will be boring and clunky.”

    This seems to be a rather widespread view. Yes, it seems difficult, but is it actually infeasible?
    I feel that a capability-based operating system might achieve this difficult usability problem, but that’s just intuition, not proof. In any case, you are right that it would be difficult to transition all the existing operating systems to a fundamentally different (and secure) alternative.
    It may be possible to offer some migration path, just like managed runtimes offer modern APIs (and language safety) on top of old and insecure OS primitives.
    Obviously, in the browser world, DHTML would have to go extinct, and its replacement would probably be a Caja++ with a safe DOM and a safe browser (to enforce clear UI ownership, i.e. no clickjacking) 😉

    It is a challenge, but I don’t think we should give up 😉

    Comment by Julien Couvreur — 4 Dec 2008 @ 0:29

