Slashdot Mirror

← Back to Stories (view on slashdot.org)

One Laptop Per Child Security Spec Released

Posted by ScuttleMonkey on from the no-school-like-the-old-school dept.

juwiley writes "The One Laptop Per Child project has released information about its advanced security platform called Bitfrost. Could children with a $100 laptop end up with a better security infrastructure than executives using $5000 laptops powered by Vista? 'What's deeply troubling — almost unbelievable — about [Unix style permissions] is that they've remained virtually the only real control mechanism that a user has over her personal documents today...In 1971, this might have been acceptable...We have set out to create a system that is both drastically more secure and provides drastically more usable security than any mainstream system currently on the market.'"

5 of 253 comments (clear)

  1. A Stink-Rose by any other name... by SilentMobius · · Score: 3, Interesting

    From TFA
    "Beyond cyberthreats, the XO laptop will have an anti-theft system designed to render stolen laptops useless. Each XO is assigned a "lease," secured by cryptography, that allows it to operate for a limited period of time. The laptop connects to the internet daily and checks in with a country-specific server to see if it's been reported stolen. If not, the lease is extended another few weeks."

    Congratulations, you have destroyed this projects credibility, desirability and much of the good will that the open source community was providing.

    I wonder this would rule out any interaction with the GPL v3?

    --
    Loop, twist and loop again.
  2. Re:chmod, chown, etc.? by cduffy · · Score: 3, Interesting

    Once you do that, it isn't the traditional Unix model anymore -- it's something more like POSIX ACLs, which Linux *does* support, and which *does* provide the ability to give one group write while another has read.

    I think the traditional UNIX model is too simple to call bolting on an List of names and permissions used for Access Control (in place of the user/group/mask approach) a "trivial tweak".

  3. It isn't about ACLs. by jhantin · · Score: 4, Interesting

    It's the sandboxing. A program run by a given user doesn't automatically get the user's full permissions -- it only gets a small subset. For example, it can't open files from the user's home directory other than by calling a trusted system File Open dialog, which allows the user to select the file and returns an open file handle to the application (or in OLPC's case hardlinks the file into the chroot jail).

    In terms of research projects, see the secure scripting language E and the proof of concept CapDesk.

    Interestingly, in the commercial world it only seems to turn up in safe bytecode runtimes -- there's very little out there for native code. For an example of something similar in concept look at JNLP or ClickOnce deployers.

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
  4. Origin/rationale for name by dewarrn1 · · Score: 5, Interesting
    From the spec linked from the article, section 11:

    1227 In Norse mythology, Bifrost is the bridge which keeps mortals, inhabitants of
    1228 the realm of Midgard, from venturing into Asgard, the realm of the gods. In
    1229 effect, Bifrost is a powerful security system designed to keep out unwanted
    1230 intruders.
    1231
    1232 This is not why the OLPC security platform's name is a play on the name of the
    1233 mythical bridge, however. What's particularly interesting about Bifrost is a
    1234 story that 12th century Icelandic historian and poet Snorri Sturluson tells in
    1235 the first part of his poetics manual called the Prose Edda. Here is the
    1236 relevant excerpt from the 1916 translation by Arthur Gilchrist Brodeur:
    1237
    1238 Then said Gangleri: "What is the way to heaven from earth?"
    1239
    1240 Then Harr answered, and laughed aloud: "Now, that is not wisely asked; has
    1241 it not been told thee, that the gods made a bridge from earth, to heaven,
    1242 called Bifrost? Thou must have seen it; it may be that ye call it rainbow.'
    1243 It is of three colors, and very strong, and made with cunning and with more
    1244 magic art than other works of craftsmanship. But strong as it is, yet must
    1245 it be broken, when the sons of Muspell shall go forth harrying and ride it,
    1246 and swim their horses over great rivers; thus they shall proceed."
    1247
    1248 Then said Gangleri: "To my thinking the gods did not build the bridge
    1249 honestly, seeing that it could be broken, and they able to make it as they
    1250 would."
    1251
    1252 Then Harr replied: "The gods are not deserving of reproof because of this
    1253 work of skill: a good bridge is Bifrost, but nothing in this world is of
    1254 such nature that it may be relied on when the sons of Muspell go
    1255 a-harrying."
    1256
    1257 This story is quite remarkable, as it amounts to a 13th century recognition of
    1258 the idea that there's no such thing as a perfect security system.
  5. Re:One Treacherous computer per Child by kelnos · · Score: 4, Interesting

    Are you just trolling?

    If you'll RTFA (yeah, I know, no one does that...), the system can be completely disabled if the user so wishes. The purpose of the PKI is not to force someone to only use certain software; it's to help ensure that security updates haven't been compromised before getting to the laptop.

    As for installing another Linux distribution, would that even be possible at present? I doubt any other distro would run properly on the OLPC's custom hardware without extensive modifications. Sure, you can argue "but they should have the freedom to break it if they want" -- and they do, as the article says. All this stuff can be disabled. Overwriting the OS should disable the anti-theft daemon, since the anti-theft system is implemented entirely in software.

    I think the anti-theft provisions that turn the laptop into a brick are a bit much, but the actual spec (which I'm sure you didn't read either, as you're misquoting it) notes that the lease period can be set to any value (chosen by the country manager who distributes the laptop). A lease period of 3 months is given as an example. And in extreme circumstances, a USB drive with credentials that can be used to extend the lease period without needing access to the internet.

    At any rate, the spec mentions that the anti-theft system is only installed and enabled on the request of the country purchasing the laptops. So it's not like the OLPC group is forcing this on anyone. If the countries are spending the cash on these things, I think it's reasonable that they should be able to try to protect their investment.

    I have a decent number of reservations about the entire OLPC program, but c'mon, at least don't make up shit about it that isn't true.

    --
    Xfce: Lighter than some, heavier than others. Just right.