Saturday, December 31, 2005

Capabilities in 2010, or bust

Musings at 3:45 AM...

I'm sitting here, wondering just what it takes to change the world. My goal is simple, to get a secure operating system written by 2010. I'm firmly convinced that Capabilities is the way to get there...

Just how much effort does it take to change the world? I've heard that it's as simple as refusing to go along with indifference, which I suppose is possible if you happen to be right at a tipping point. If you're not that lucky, I assume it takes more work. Maybe you have to find the tipping in progress and help it out a bit...

My challenge is to overcome my own bad habits, work within my limitations, and muster the forces required to research and develop a capabilities based security model layer to replace the access control lists that currently handle the security needs of pretty much every computer out there.

I'm willing to make some tradeoffs, of course...
#1. I don't expect to be able to boil the ocean, so I just want to make something available, and let the market decide if it's a good idea
#1a. So I have to make something that's usable by the leading edge
#1b. I have to justify the effort required to switch

#2. I don't expect to write this myself, because I'm just one guy... and I'm not a programmer

#3. I'm willing to accept help from everyone


Now... here's why this stuff is being written instead of me getting some sleep.

We've had yet another hole in Windows, which threatens everything... we'll do what it takes to patch the hole, and go back to sleep... a reactive behavior pattern which doesn't actually fix the problem. This drives me nuts!

Its a tragedy, and we're all players... it's time to get off the merry go round, and actually do something different... we need to be proactive, and explore real solutions.

How do you know you've got a secure OS?

Simple...

When you can run ANYTHING on it, at ANY time, with NO FEAR.

If you've got a secure OS, you'd be willing to take a CD from any random person on the street, stick it in, and run the damned thing because you know your OS will only allow it to do exactly what you've specified, and nothing else.

If you've got a secure OS, you know that NO application can ever take over the OS, unless you explicitly given it the capability to do so, and haven't revoked it.

If you've got a secure OS, you never have to run a virus scan again, EVER.

If you've got a secure OS, you can just get your work done, and get on with life.

The operating systems we're all using including Windows, Mac OSX, and Linux all are based on some form of username/password with access control lists... which was great 20 years ago, but it's time to move on. We need to put forth the effort to get Capabilities out of the lab, and on to our servers and desktops.

We need to LEAD the world, and make a quantum leap forward (ouch... cliche') in security... and this, I think, is the way forward.

I ask every one of you for whatever help you can give to make this happen. I'll do what I can in return.

Thanks for your time and attention.

--Mike--

1 comment:

Daniel Nicolas said...

I don't want a secure OS. I want an open OS.

secure = not connected