Tuesday, December 17, 2013

Project Snowball

I want to stack the following layers of code into a coherent collection of things that actually work...

Genode (capability-based security, using a trusted L4 kernel)
Linux (which can run already as an app in Genode)
WINE (yeah, I want to run Windows apps)

I'm going to have to deal with Qt5 for GUI elements, and with my choice of programming languages to try to tie things together.

I want to lock Windows XP applications in sandboxes, in a way transparent to the application, and mostly to the user. This would allow legacy Win32 applications to get a non-proprietary fountain of youth, while also providing actually secure computing.
The main idea is to virtualize applications in such a way as to allow them to work the way they always did, but not be able to compromise the OS, or anything else. Careful use of scripting to handle events such as file dialog boxes would also make it appear to work the same as it always did, to the user.

They don't have to know that the application actually writes changes to a temporary workset, and only gets true access to files that the user selected via a Powerbox. The Powerbox is made to look identical to the Windows File Open dialog, and the selection is then passed to the application via the simulated dialog box, which is not shown to the user. Careful management of interfaces to the application, and to the user, can create a seamless native experience, without the insecurity.
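
A minimal model of that workset-plus-Powerbox rule, added here as an illustration and not code from Genode, WINE or this project. The `SandboxBroker` class, its method names and the sample files are hypothetical, and it assumes that opens of files the user did not select are redirected to a shadow copy in the workset.

```python
import hashlib
import os
import tempfile


class SandboxBroker:
    """Hypothetical broker that mediates every file open for one sandboxed app."""

    def __init__(self):
        # Private scratch directory standing in for the "temporary workset".
        self.workset = tempfile.mkdtemp(prefix="workset-")
        self._granted = set()

    def powerbox_select(self, user_chosen_path):
        """Called only by the trusted file dialog, never by the app."""
        real = os.path.realpath(user_chosen_path)
        self._granted.add(real)
        return real  # returned to the app as the result of its File Open call

    def resolve(self, requested_path):
        """Map the path the app asked for to the path it may actually touch."""
        real = os.path.realpath(requested_path)  # collapses ../ and symlinks
        if real in self._granted:
            return real
        # Not granted (assumed policy): redirect to a shadow file in the workset.
        shadow = hashlib.sha256(real.encode()).hexdigest()
        return os.path.join(self.workset, shadow)

    def open(self, requested_path, mode="r"):
        return open(self.resolve(requested_path), mode)


def demo():
    home = tempfile.mkdtemp(prefix="home-")  # constructed stand-in for user files
    chosen = os.path.join(home, "report.txt")
    other = os.path.join(home, "secrets.txt")
    for path, text in ((chosen, "draft"), (other, "untouched")):
        with open(path, "w") as f:
            f.write(text)
    broker = SandboxBroker()
    broker.powerbox_select(chosen)  # the user picked report.txt in the dialog
    # The app writes to both files, reaching the second through a ../ detour.
    sneaky = os.path.join(home, "sub", "..", "secrets.txt")
    for path, text in ((chosen, "edited"), (sneaky, "overwritten")):
        with broker.open(path, "w") as f:
            f.write(text)
    with open(chosen) as a, open(other) as b, broker.open(other) as c:
        return a.read(), b.read(), c.read()


if __name__ == "__main__":
    print(demo())
```

The app sees its own write to `secrets.txt` succeed, while the real file is unchanged. A production broker would hand the app an already opened handle instead of a path, so the check and the open cannot be separated.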

Lots to learn, but at least we don't have to re-write any applications.

Who is with me?
