Sunday, August 27, 2017

Yet another cabsec rant in response to yet another article blaming the wrong thing

With the currently available crop of consumer oriented operating systems, it is simply NOT POSSIBLE to make a secure device. None of them offer capability based security.... the operating system equivalent to modern electrical standards... imagine trying to hook up every appliance everywhere, with no circuit breakers, no standard outlets, no grounding, no conduit, all supported by post and spool insulators.

Once a program is run, it gets trusted with all authority of the user running it. There are no effective measures to limit the side effects (and thus risk/damage) that a given chunk of code can do.

Another equivalent is like building a Fort out of stacks of C4 explosives.

Until we get HURD, Genode, or a modern replacement for KeyKOS, we can't make secure devices. Stop blaming the developers, or users, or chip makers... it's not their fault. It's the fault of every Linux, MacOS, or Windows fanboy in the world.


Posted to /. last night.