Peter Gutmann wrote:
> Just a general thought, it seems like the OLPC security design is a real-world
> implementation of Bill Cheswick's "Windows OK" proposal. See for example
> http://usablesecurity.com/2005/07/07/bill-cheswick/ for more on this (modulo
> the comments on "feature starvation", which don't apply to the OLPC design).

The systems are similar in their desire to offer no-frills protection,
but I think the similarities end there. If I had been trying to simply
lock the machines down, as is the essence of Cheswick's proposal, my
task would have been extremely simple. The resulting security model
would also have gone against everything OLPC's educational principles
stand for.

I think you'll find that moving (even mentally) from "protection by not
running untrusted code" to "usable protection _while_ running untrusted
code" involves a few trips through a labyrinth sitting on top of a mine
field, with the exit guarded by a killer rabbit. It's also certainly
possible I'm not smart enough, and other people find this to be an
easier problem.

--
Ivan Krstić <krstic solarsail.hcs.harvard.edu> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List