Secure Operating System Challenges

I am a big fan of innovation and according to an article from the WSJ at http://blogs.wsj.com/biztech/2008/11/19/making-pcs-as-reliable-as-brakes/, Green Hills, a software company that makes operating systems for medical equipment and brakes, is planning to develop a “secure layer” for Windows operating systems, particularly the desktop environment.  While I think what Green Hills is trying to do is great, and the purpose of this blog posting is not to rain on their parade, I do see some key challenges in addition to those called out in the WSJ article. They are:

  • If your operating system has a defined, well known set of scenarios (as in the case with brakes, and medical systems) then it’s pretty easy to secure.  There’s a set of valid scenarios (white list) and conversely anything outside that set of valid scenarios is an invalid scenario (black list). But what if that set of valid scenarios is very large, as in the case of operating systems for the desktop market? What if that valid set isn’t even defined? How would you effectively secure something like this?
  • Operating systems for the desktop market need to integrate with lots of “stuff”.  People install third party software onto their operating systems, and it all needs to work together and do it all securely.  Each one of these foreign applications creates a new trust boundary that could potentially represent new attack surface.  Could a “secure layer” reasonably manage all these boundaries? And if it could, would that system still be performant enough to be usable?
  • The Windows of today (security-wise) is nothing like the Windows of before. I remember doing penetration tests from about 2000 to 2006 and praying that somewhere in the list of targets there was a Windows system, because compromising them was just so easy.  Nowadays, it’s almost reversed — Windows is a lot harder, not impossible, to compromise (mostly due to the guidance, tools and best-practices prescribed by the Microsoft SDL). So if you buy into the notion that Windows systems are more secure these days, what additional value could a “secure layer” provide?  Better question, what additional value could a “secure layer” provide that someone would be willing to pay for?
  • It’s no longer just about security. Modern day operating systems for the masses need to also be cognizant of threats to privacy — could a “secure layer” account for privacy concerns?
  • Even if all of the above could be accomplished, how usable would that operating system be? Functionality and security share an inverse relationship: the more secure an application is made, the less functional it becomes. Could average users like grandma still easily use this highly-secure system?
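The first bullet's point, that a closed set of valid scenarios is easy to enforce while an open or undefined set is not, can be made concrete with a small policy evaluator. The following is an added illustration, not code from the post or from Green Hills; the subjects, operations and targets are constructed names, and the two policy classes are hypothetical. It contrasts a default-deny allow-list (the brake-controller style) with a default-allow deny-list (closer to how an open desktop behaves) and then isolates the scenarios that fall in neither set, which is exactly the undefined region the post worries about.

```python
"""Default-deny (allow-list) versus default-allow (deny-list) scenario policies.

Added illustration for the post's first bullet; all scenario names below are
constructed for the example and do not describe any real product.
"""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class Action:
    """One scenario: who acts, what they do, and what they touch."""
    subject: str     # e.g. a process or component
    operation: str   # e.g. "read" or "write"
    target: str      # e.g. a file, folder or device


@dataclass
class Decision:
    verdict: Verdict
    reason: str


@dataclass
class AllowListPolicy:
    """Closed world: every valid scenario is enumerated, anything else is denied."""
    valid: frozenset

    def evaluate(self, action: Action) -> Decision:
        if action in self.valid:
            return Decision(Verdict.ALLOW, "matches an enumerated valid scenario")
        return Decision(Verdict.DENY, "not in the valid set (default deny)")


@dataclass
class DenyListPolicy:
    """Open world: only known-bad scenarios are enumerated, anything else is allowed."""
    known_bad: frozenset

    def evaluate(self, action: Action) -> Decision:
        if action in self.known_bad:
            return Decision(Verdict.DENY, "matches a known-bad scenario")
        return Decision(Verdict.ALLOW, "not in the known-bad set (default allow)")


# Constructed single-function system: the whole valid scenario set fits in three lines.
BRAKE_VALID = frozenset({
    Action("abs_controller", "read", "wheel_speed_sensor"),
    Action("abs_controller", "write", "brake_actuator"),
    Action("diagnostics", "read", "fault_log"),
})

# Constructed desktop: both lists are necessarily incomplete.
DESKTOP_ALLOWED = frozenset({
    Action("browser", "read", "user_documents"),
    Action("mail_client", "write", "user_documents"),
})
DESKTOP_KNOWN_BAD = frozenset({
    Action("unsigned_binary", "write", "boot_sector"),
})

# Constructed event stream: two anticipated scenarios, two that nobody enumerated.
DESKTOP_EVENTS = [
    Action("browser", "read", "user_documents"),         # enumerated valid
    Action("unsigned_binary", "write", "boot_sector"),   # enumerated bad
    Action("new_photo_app", "write", "user_documents"),  # legitimate, unanticipated
    Action("new_photo_app", "write", "startup_folder"),  # suspicious, unanticipated
]


def verdicts(policy, actions):
    """Evaluate every action under one policy and return the verdicts in order."""
    return [policy.evaluate(a).verdict for a in actions]


def undefined_scenarios(allow_policy, deny_policy, actions):
    """Actions that are neither enumerated as valid nor enumerated as bad.

    On a closed system this list is empty by construction; on an open one it is
    where the allow-list blocks legitimate new software (usability cost) and the
    deny-list waves through unknown misuse (security cost).
    """
    return [a for a in actions
            if a not in allow_policy.valid and a not in deny_policy.known_bad]


if __name__ == "__main__":
    allow = AllowListPolicy(DESKTOP_ALLOWED)
    deny = DenyListPolicy(DESKTOP_KNOWN_BAD)
    for action in DESKTOP_EVENTS:
        print(f"{action.subject:>16} {action.operation:>5} {action.target:<18}"
              f" allow-list={allow.evaluate(action).verdict.value:<5}"
              f" deny-list={deny.evaluate(action).verdict.value}")
    print("undefined:", [a.subject + ":" + a.target
                         for a in undefined_scenarios(allow, deny, DESKTOP_EVENTS)])
```

Running it shows the trade-off the post describes: the allow-list denies both unanticipated events, including the harmless photo application, while the deny-list allows both, including the write to the startup folder. Whichever model a “secure layer” picks, the undefined region is where it either frustrates the user or misses the threat, and on a desktop that region is most of the scenario space.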

If Green Hills can take their experience and expertise in building highly-secure operating systems for single function systems, and successfully transition that expertise to highly-secure multi-function systems, then kudos to them!

–Kevin
