You've got a lot of hard won experience, I'll give you that... but the problem is a whole new layer, deeper than you're used to thinking about. Imagine if you built a old style fort, moved your troops in, and generally felt secure.... only to find out the bricks it was built out of were actually blocks of C4, and any one of them could send the whole place up in a flash.
If you can imagine that scenario... you know what computer security is really like, no matter how careful you are. Because Windows, Mac-OS, Linux, and pretty much every non-mainframe OS out there runs every line of code with the full privileges of a user account at all times, there's no way for a user to limit the scope of what a program does at run time.
The solution is to use an operating system that is designed from the ground up to simply ask which files the user wishes to operate on, instead of blindly trusting the program to do the right thing. This makes it possible for the user to limit side effects by design, which then makes it possible to have end nodes that are reasonably secure... which makes it possible to have real security.
I still don't see the change to things like Genode happening for at least 10 more years.
No comments:
Post a Comment