Security and the $100 Laptop

gondaba writes "The One Laptop Per Child project is actively recruiting hackers to help crack the security model of the $100 laptop to avoid the obvious risks associated with what will effectively be the largest computing monoculture in history. From the article: 'The key design goal, Krstic explained, is to avoid irreversible damage to the machines. The laptops will force applications to run in a "walled garden" that isolates files from certain sensitive locations like the kernel. "If we discover vulnerabilities, the security model must hold up enough that even a machine that is unpatched won't be easily exploitable. This gives us a bit of diversity to avoid the monoculture trap," he added.'"

Could actually be a problem

[Sycraft-fu]

Not for MS but for MS's competitors. Can't really claim MS is a monopoly anymore if there's 100 million systems running a non-MS OS. That means that they are free to do as they please, for the most part, when it comes to locking people out of their OS. Most anti-competitiveness statues only affect monopolies. Companies that face competition are generally allowed to be as anti-competitive as they like.

No data, but quite a processing network

[Inhibit]

That's true. The fact that the machines don't have appreciably large hard drives, heavy processing power, and won't have constant high-bandwith internet connections might do a lot for them.

On the other hand, there are going to be a *lot* of these machines. So I suppose they might make a tempting target "just because" or simply for bulk processing.

Re:virtualize the applications

[RAMMS+EIN]

How are virtual machines going to help here? What protection do virtual machines grant that the operating itself doesn't grant? What undesireable restrictions do virtual machines impose? If you work around these restrictions, will the system be more or less secure than without virtual machines? If you don't work around these restrictions, will the system be usable?

As far as I'm concerned, running applications should already be separated from one another. This leaves interaction through the file system and IPC (inter-process communication).

Virtual machines take away the interaction through the filesystem, as well as local IPC. The latter doesn't actually necessarily make the system more secure, as it makes it more difficult to tell if IPC is safe (on the virtual network) or open to attacks (on the real network). At any rate, IPC will be less efficient, because you lose shared memory IPC.

By taking away common filesystem access and complicating IPC, applications become less usable. How do you get the file Alice sent you by email to your word processor? How do you copy-paste from one application to another? How do you do process management, when the process management tools are made for a single machine, but you have everything runnig under virtual machines?

Once you work around these restrictions, what will you be left with? Are you going to re-introduce common filesystem access and create a drag-and-drop interface that works accross virtual machines? When you've done so, won't you have a system that has pretty much the same capabilities as one that isn't based on loads of virtual machines, except that your system is much more complex? Won't that complexity introduce new bugs and vulnerabilities? Will the system not be too slow to be usable?