Glimers of hope in OS security

On April 13, 2010, in security, virtualization, by Eugene

I hate band aids. No, not the kind you put on a scraped knee. I’m talking about the kind we’ve been layering on top of our broken software. Firewalls, intrusion detection systems, anti-virus, and perhaps the saddest of all, data loss prevention. They are all band aids we’ve invented because our underlying systems are fundamentally flawed, and will never be secure. And thus was born defense in depth.

There are times when you’ve made so many mistakes, and are in so deep, that it’s best to just start over. Of course, that’s not going to happen anytime soon. However, I still have hope that research into operating systems security can make a big impact in terms of improving end-point security, and reducing our reliance on expensive and ineffective products.

I recently came across a couple of promising projects. The first one, Qubes, is already available in a prototype form. This is an effort by Invisible Things Lab to design and implement a more secure OS. They liberally take advantage of virtual machine technology (and the latest hardware) to isolate one part of the system from all others. Even the networking subsystem runs in its own unprivileged “NetVM.” I think Qubes has a lot of potential, and I really hope it continues to mature.

The second development I read about is really just an idea at this point; it’s an academic research project, and is only now getting started. Using a hefty grant from the National Science Foundation, a professor at University of Illinois at Chicago is going to design and build a security-focused operating system called Ethos. Once again, the plan is to make use of Xen-based virtual machines to enforce isolation.

These attempts at improving the OS are still not hitting the root cause of most security issues (poorly designed software), but they are at least trying to mitigate the damage caused next time your browser’s Flash plug-in gets pwned. I think that’s a step in the right direction, at least until we’re ready to throw in the towel and start fresh with this whole “computing” thing.

 

1 Response » to “Glimers of hope in OS security”

  1. Dave McGuffey says:

    Eugene,

    Long time no see. Good to find your blog.

    WRT operating systems, many are actually getting better. Red Hat and Apple have continued to make great strides to make their operating systems stronger and more resilient to attack and better able to contain successful attacks. Over time SELinux has spread its wings over an ever larger number of system daemons and user-space applications. RHEL 6 (beta) extends SELinux to provide MAC protection of the kernel and cover the kvm virtual machines. It also provides some capability to sandbox applications. Oracle/Sun are working to embed an SELinux-like capability into Solaris. Win7 is stronger than its predecessors. I personally think MS is falling behind in the OS realm because of all the legacy code they are dragging around to support legacy apps…but they are moving forward.

    When one looks at the successful attacks, almost all are going into the application layer. There are tens of thousands of network-aware apps out there that were built with little to no security, and many are not supported by their developers with patches, preferring to wait for the next version release. Because there is so little incentive to develop apps that are more secure, maybe the only way forward is to consider all of them untrustworthy, and let the OS sandbox them all.

    Until we change the software engineer mindset, crappy vulnerable code will continue to hit the market.

    I hate lawyers, but I believe we’ve reached the point where Congress needs to invalidate those worthless software licenses and expose the developers to civil and criminal penalties for failing to do “due diligence” in the development cycle.