Computer Security from bottom-up with a “clean slate”

Posted on by

This is my first post in my new blog and I would like to start with this interview to Robert Watson (Cambridge University UK) on IEEE Spectrum which I found interesting. The main points in my opinion are:

The role of operating system security has shifted from protecting multiple users from each other toward protecting a single…user from untrustworthy applications.…Embedded devices, mobile phones, and tablets are a point of confluence: The interests of many different parties…must be mediated with the help of operating systems that were designed for another place and time.

[…]

in historic systems, large multiuser computer systems, you know, we had these central servers or central mainframes, lots of end users on individual terminals. The role of the OS was to help separate these users from each other, to prevent accidents, perhaps to control the flow of information. You didn’t want trade secrets leaking from, perhaps, one account on a system to another one.

[…]

So the observation we make on these new end-user systems like phones is that what we’re trying to control is very different. The phone is a place where lots of different applications meet. […]  And on phones today, we encourage users to download things all the time. So what has changed now? Well, we’ve deployed something called sandboxing inside of these phones so that every application you download runs inside its own sandbox. And that is a very different use of security. And it is provided by the operating system, so it’s still a function of the operating system.

The main point is that we should re-think security from bottom-up starting with a new paradigm for the OS primitives, the main scenario which we should add to the historical one is the single-user multiple-untrusted applications, whereas all our OSes have been designed for the multiple-users multiple-trusted applications scenario.

This also reminds me of Qubes and Bromium which are efforts to obtain a larger control on applications by using microkernels and Virtual Machines as underlying OS.

An article by Watson will be published in the February 2013 issue of Communications of the ACM.