Sunday, August 21, 2011

Secure Little Application Project? - Saving an idea at 6 AM

wakin' up in the moning
Gotta write now
Gotta save that idea....

ok... enough of the Friday spoof

Here's an idea for implementing a secure space for applications to run in an otherwise insecure host environment, leveraging VMware, Zen, Citrix, QEMM, or a separate physical box to run applications cut off from reality, and restricted to a strange little world, where the default answer to "can I have this?" is NO.

--- copied from my WikidPad page on my laptop ---

++ Secure Little Application Project

Slap, Slip, SL?P

Write the smallest possible operating system that fits inside a virtual machine. It would make requests across the net (or some other API) for everything, thus not able to infect the host system.

Like Secnurse, the application would be in its own address space, cut off from all the normal API calls, and thus couldn't break the host.

In it's own little world, applications would run, and request resources from a host program written in something like Delpi, C++, or whatever is convinient.

It would then be somewhat easy to provide file and folder services, not being bound to the normal rules of things, and all the hidden holes that go with undocumented "features" in the host environment.

Separating the app from the host environment is a good step
Having multiple versions of the service host to chose from helps make sure the code is clean.
Everyone can implement their own, and compete for better models of things.

Host - the PC running the VM
Guest - the application
Concierge - the program that gets everything for the guest

No comments: