1 One Laptop Per Child (OLPC)

The Bitfrost approach is unique in the way that it adheres to four basic principles:
Open Design, No Lockdown, No Required Reading and Unobtrusive Security.
The above Bitfrost principles are aimed towards five main goals:
No User Passwords, No Unencrypted Authentication, Out-of-the-box Security, Limited Institutional PKI and No Permanent Data Loss.

OLPC’s operating system is Linux-based. Bitfrost, the security platform used with OLPC, is named after Bifröst, a bridge in Norse mythology that reaches from Earth to heaven and that intruders cannot cross. Accordingly, Bitfrost implements defense in depth. While the idea of limiting permissions program by program dates back as far as 1959, it has not been adopted widely because it puts the burden on application writers to deal with security. Other Linux/Unix-based systems, including Apple’s Mac OS, run programs with authority limited to a local user. Unfortunately, the program can still delete user files, even if it cannot touch the underlying system files. There is no one magic system that will prevent all breaches or malware, but there is a series of technologies that make them less likely, mitigate the amount of harm when they do take place, and allow for disaster recovery when the worst happens.

To illustrate, instead of blocking specific viruses, the system sequesters every program on the computer in a separate virtual operating system. It also prevents any program from damaging the computer, stealing files, or spying on the user. As a result, viruses are left isolated and impotent, unable to execute their code. Naturally, this makes writing a virus a futile exercise, since it will never be able to execute the task it was written for.

This type of sandboxing is quite different from what Windows Vista uses. In the latter case, we can say that Vista is trying to impale sandboxing on something broken.

At this stage, Bitfrost allows only programs that are aware of it to run. In turn, this would make Linux incompatible with existing applications. The solution is for programmers to create ‘wrappers.’ These are small programs tacked onto existing applications to enable them to communicate with Bitfrost. But these wrappers have to be written first, and this might happen by early 2007.

The specification also points out this goal:

No permanent data loss
Information on the laptop will be replicated to some centralized storage place so that the student can recover it in the event that the laptop is lost, stolen or destroyed.

One Laptop Per Child (OLPC) – security with Bitfrost
Software comes in two ways:

– malicious intent

– circumstantially malicious but otherwise benign

This is explained here

legitimate programs that have been exploited by an attacker (Please click on the link, log in as guest, click on this link again and voilà, free access)

Bitfrost intends to address this problem by adding a new level of permissions that applies to code, not users:

code access security.

Bitfrost is the OLPC security platform. Get a non-technical introduction to the security problems it tries to address:

    The OLPC XO laptops provide just such a facility. Program installation does not occur through the simple execution of the installer, which is yet another program, but through a system installation service which knows how to install XO program bundles. During installation, the installer service will query the bundle for the program’s desired security permissions, and will notify the system Security Service accordingly. After installation, the per-program permission list is only modifiable by the user through a graphical interface.
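The installation flow quoted above can be modelled in a few lines. This is an added example, not OLPC or Bitfrost code: the class names, the manifest layout, the bundle id and the permission names are all hypothetical and constructed for illustration.

```python
"""Toy model of install-time, per-program (code access) permissions."""

# Hypothetical permission names, constructed for this example.
KNOWN_PERMISSIONS = {"network", "camera", "microphone", "documents_ro"}

class SecurityService:
    """Holds the per-program permission list; anything not granted is denied."""
    def __init__(self):
        self._grants = {}

    def register(self, program_id, requested):
        unknown = set(requested) - KNOWN_PERMISSIONS
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")
        if program_id in self._grants:
            # After installation, software cannot rewrite its own list.
            raise PermissionError("grants are only editable by the user")
        self._grants[program_id] = frozenset(requested)

    def user_set(self, program_id, permission, allowed):
        """Stands in for the graphical interface: the only post-install edit path."""
        if permission not in KNOWN_PERMISSIONS:
            raise ValueError(f"unknown permission: {permission}")
        grants = set(self._grants[program_id])
        (grants.add if allowed else grants.discard)(permission)
        self._grants[program_id] = frozenset(grants)

    def check(self, program_id, permission):
        return permission in self._grants.get(program_id, frozenset())

class InstallerService:
    def __init__(self, security):
        self._security = security

    def install(self, bundle):
        # The bundle is treated as data: it is queried, never executed.
        self._security.register(bundle["id"], bundle.get("permissions", []))

def demo():
    security = SecurityService()
    installer = InstallerService(security)
    # Constructed sample bundle manifest.
    installer.install({"id": "org.example.Paint", "permissions": ["documents_ro"]})
    before = security.check("org.example.Paint", "network")
    try:  # a second manifest asking for more is refused
        installer.install({"id": "org.example.Paint", "permissions": ["network"]})
        escalated = True
    except PermissionError:
        escalated = False
    security.user_set("org.example.Paint", "network", True)  # user decision
    return before, escalated, security.check("org.example.Paint", "network")
```

The permission decision is keyed on the program, not on the user who runs it, which is the "code access security" distinction drawn above.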

Correlating Bitfrost and Threats

If you want to read a more technical description of the security suite being integrated with Bitfrost, see here:

One Laptop Per Child (OLPC) – security with Bitfrost – explanation for geeks

we wish to have the ability to execute generally untrusted code, while severely limiting its ability to inflict harm to the system.

Bitfrost does have a drawback. It limits interactions between applications. Nonetheless, most applications do not need any interaction.


