I have been looking into ways to make my systems as secure as possible while still letting my users do their work. One of the things I have been following is the use of micro-kernels; a micro-kernel reduces your "attack surface" because there is less kernel code to attack. There is also a micro-kernel, seL4, that has been verified by means of formal methods to be a very secure kernel. However, it is not available for use as a Linux kernel replacement. Its cousin L4 can be used as a Linux kernel replacement for certain functions, which I may be looking into.
Another method of securing the system is Trusted Computing. It builds a trusted system by starting at the boot level. There is code available to verify whether the BIOS boot-loader can be trusted; the next step is to check whether the GRUB or LILO loader can be trusted, and finally whether the OS that is loaded can be trusted. Unfortunately there have been problems. Trusted Computing has been advertised as a means of making sure that copyrighted material is not copied and stays under the control of the copyright owner, and there have been many cases, Sony among them, where that copyright control has gone too far. Another problem is that the chain of trust starts at the BIOS level, and it has been shown that a rogue BIOS planted on one of the peripheral devices can be used to bypass the chain of trust of the main BIOS on the motherboard. These issues might explain why there has not been much work on Trusted Computing since 2008.
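To make the chain of trust described above concrete, here is an added example (not code from the original post) that models measured boot in a few lines of Python: each stage hashes the next stage before handing over control and extends a TPM-style register (PCR_new = SHA-256(PCR_old || measurement)), so the final value can be compared against a known-good one. The stage images, their names and the tampered variant are constructed sample data, and the register is a plain in-memory simulation rather than a real TPM. The last function models the post's caveat: when the root of trust itself is rogue, it can report the genuine measurements while running something else, and the check passes.

```python
import hashlib

# Constructed sample boot images: the boot-loader stage and the OS stage.
# The BIOS is the root of trust and is assumed honest unless modelled otherwise.
GOOD_STAGES = [
    ("grub", b"constructed GRUB image v1"),
    ("linux", b"constructed Linux kernel image v1"),
]
# Same chain, but the boot-loader image has been altered.
TAMPERED_STAGES = [
    ("grub", b"constructed GRUB image v1 with one bit flipped"),
    ("linux", b"constructed Linux kernel image v1"),
]


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register can only be moved forward, never reset,
    so a later stage cannot erase what an earlier stage recorded."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(stages):
    """Run the chain: each stage is hashed before it runs and the hash is
    extended into the register. Returns (final PCR value, event log)."""
    pcr = b"\x00" * 32  # register is all zeros at power-on
    log = []
    for name, image in stages:
        measurement = hashlib.sha256(image).digest()
        log.append((name, measurement.hex()))
        pcr = extend(pcr, measurement)
    return pcr, log


def verify(pcr: bytes, expected: bytes) -> bool:
    """Attestation check against the value recorded when the system was
    known to be good (e.g. right after installation)."""
    return pcr == expected


def first_mismatch(log_a, log_b):
    """Compare two event logs and name the first stage whose measurement
    differs; this is what lets a defender localise the tampered stage."""
    for (name_a, hex_a), (_, hex_b) in zip(log_a, log_b):
        if hex_a != hex_b:
            return name_a
    return None


def known_good_pcr() -> bytes:
    return measured_boot(GOOD_STAGES)[0]


def tampered_bootloader_detected() -> bool:
    """A modified GRUB image changes its measurement, and because extend is
    a hash chain every later value changes too, so the check fails."""
    pcr, _ = measured_boot(TAMPERED_STAGES)
    return not verify(pcr, known_good_pcr())


def rogue_root_boot(actual_stages, claimed_stages) -> bytes:
    """Models the limitation the post describes: a rogue root of trust (a
    planted BIOS, or peripheral firmware that runs before the main BIOS)
    can record the measurements of the genuine images while actually
    loading different ones. The chain vouches only for what an honest root
    measured; 'actual_stages' is what runs, 'claimed_stages' is what is
    written to the register."""
    _ = actual_stages  # runs unmeasured; nothing above the root checks it
    reported, _ = measured_boot(claimed_stages)
    return reported


def rogue_root_evades_check() -> bool:
    reported = rogue_root_boot(TAMPERED_STAGES, GOOD_STAGES)
    return verify(reported, known_good_pcr())


if __name__ == "__main__":
    good, good_log = measured_boot(GOOD_STAGES)
    bad, bad_log = measured_boot(TAMPERED_STAGES)
    print("known-good PCR:", good.hex())
    print("tampered chain detected:", tampered_bootloader_detected())
    print("first differing stage:", first_mismatch(good_log, bad_log))
    print("rogue root passes verification:", rogue_root_evades_check())
```

The two results to take away are the ones the post argues for and against: a tampered boot-loader or OS is caught because every measurement after it changes, and the event log says which stage differs; but the check cannot see past its own root, which is why a rogue BIOS planted below the motherboard firmware defeats the whole chain.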