We're losing the war for general purpose computing.
We need to secure our computers before the war is lost and we no longer have them to secure.
The root cause (in my estimation) is a failure to use multilevel secure systems, such as the never-shipped GNU Hurd, or the steadily progressing and hopefully soon-to-be-approachable Genode project. (German engineering to the rescue.)
Back in the 1980s, it was possible to secure a computer using nothing more than MS-DOS and a few write-protect labels. The hardware supported a read-only mode on the storage media, and the media was easy to copy. Everyone had multiple copies of their OS and their data. A copy was a few minutes' investment, even on a machine with only one floppy drive (you swapped A: and B: in the same drive, and the OS kept track of which was which).
With this setup, you never had to worry about bricking your hardware, or losing your data. You could run ANYTHING in perfect safety.
In our current environment, our systems are so complex that there are nooks and crannies for malware to be implanted at almost any level. Thus the operating system, unlike in the MS-DOS days, MUST NOT let any program have direct access to the hardware, ever. The defaults fail on Mac, Linux, and Windows, and MS-DOS was merely a program loader.
Multilevel Secure Systems do this; they are also known as Capability Based systems. Unlike the coarse permissions used in "apps" ("can this app know your location?"), the capabilities in a capability system are fine-grained: access to one file or one other resource. They are granted by the user through a system-supplied dialog box, rather than the application-supplied dialog found on Windows, Linux, etc. This means that apps in a Capability Based system can't go rogue and plant bugs in the firmware, etc. Capability Systems make it possible to have actually secure computing once again.
If we can get capability based computing into the mainstream, then it becomes possible to experiment on our computers without fear. It becomes possible to surf the net without fear, and the people won't have to stay in walled gardens to feel safe.
We can turn this around, but capability based computing is a required step.
And most people have never heard of it, nor used it on a computer.
We've all used capabilities in real life though... they're called wallets (or purses). A coin or dollar note is a capability. I was taught to deal with them at a very young age, as I'm sure were most of you.
Computers can make it just as easy: drag and drop, or a file dialog (called a PowerBox in secure systems), makes it work the same way from the user's perspective. The dialog is the one component with authority over the whole filesystem; the application receives only the single capability the user chose.
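The following is an added illustration of the distinction drawn above between a PowerBox and an ordinary application, not code from the post or from any of the systems it names. It contrasts a program holding ambient authority (it may name and open any path) with a program that receives only an unforgeable capability object handed to it by a user-driven dialog. The `FileCap`, `Powerbox`, `ambient_app` and `capability_app` names, and the two sample files, are constructed for the demo; a real capability system enforces this separation in the kernel rather than in Python.

```python
"""Ambient authority versus a user-granted capability (added demo code)."""

import os
import tempfile


class FileCap:
    """An unforgeable read capability to exactly one file.

    The holder can read that file and nothing else; it cannot derive a
    capability to a sibling or parent directory from this object.
    """

    __slots__ = ("_fd",)

    def __init__(self, path):
        # The path is consumed here and never stored: the holder ends up
        # with a descriptor only, so it cannot enumerate or traverse.
        self._fd = os.open(path, os.O_RDONLY)

    def read(self):
        os.lseek(self._fd, 0, os.SEEK_SET)
        chunks = []
        while True:
            chunk = os.read(self._fd, 4096)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks).decode()

    def close(self):
        os.close(self._fd)


class Powerbox:
    """The system-supplied file dialog (hypothetical name).

    It is the only component with ambient authority over the filesystem;
    it turns the user's choice into a single FileCap for the application.
    """

    def __init__(self, user_choice):
        # In a real system the user picks interactively; here the choice
        # is injected so the demo runs unattended.
        self._user_choice = user_choice

    def open_file(self):
        return FileCap(self._user_choice)


def ambient_app(target_path):
    """An ordinary application: it names any path it likes and reads it."""
    with open(target_path) as f:
        return f.read()


def capability_app(cap):
    """A confined application: it can only read the file it was handed."""
    return cap.read()


def demo():
    """Create two constructed files; show the ambient app reaching the secret
    while the capability app sees only what the user chose.
    Returns (what the ambient app read, what the confined app read)."""
    tmp = tempfile.mkdtemp()
    chosen = os.path.join(tmp, "report.txt")
    secret = os.path.join(tmp, "secret.txt")
    with open(chosen, "w") as f:
        f.write("quarterly report")
    with open(secret, "w") as f:
        f.write("api-key=constructed-demo-value")

    # Ambient authority: nothing stops the app from reading the secret.
    leaked = ambient_app(secret)

    # Capability: the app never sees a path, only the cap the powerbox issued.
    cap = Powerbox(chosen).open_file()
    confined = capability_app(cap)
    cap.close()
    return leaked, confined


if __name__ == "__main__":
    print(demo())
```

The point of the `__slots__` and the discarded path is that the confined application has no handle it could turn back into directory access: the only thing it can do with a `FileCap` is read the one file the user selected.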