Tuesday, June 24, 2008

The sorts of things I talk about at work

Virtualization is successful because operating systems are weak.

Machine-level virtualization using solutions like VMware or Xen is the common answer to the weakness of commonly available OSes when it comes to isolating users and their applications from one another. But machine-level virtualization adds yet more complexity, and merely pushes the vulnerabilities upwards. You get isolation between applications, but at the cost of greatly increased maintenance -- instead of one OS, you have to maintain multiple OSes (one per virtualized machine). Look back at the Verizon study and its patching policy questions, and realize that this increases the patching problem exponentially. The question is whether we can retrofit current operating systems with the sort of OS-layer features that would let us avoid the complexities of hardware-layer virtualization while still creating the bulkheads between applications (and OS!) that we agree are necessary given the poor application-level security of commonly available applications. (Watch this space; it's a scenario under much discussion in circles like the Jericho Forum.)

To a certain extent we've been going backwards since the failure of the Multics Project to produce a system competitive on a price-performance basis. Compare the security model of Multics (which as far as I know never suffered a security breach) with that of any currently extant OS. Now, I am quite cognizant of the many failings of Multics as an OS (mostly due to the antiquated GE hardware it was implemented upon, which forced numerous compromises in system design), but the point is that we do not have a single OS in common use today which implements what we knew was good security back in 1975. Thirty years, and no progress. Computer science is an oxymoron: we do not learn from the past, we just keep re-implementing its mistakes.

-- Badtux the Security Penguin
