Security: Difference between revisions
m (→Design) |
m (Reverted edits by 200.89.84.90 (Talk) to last revision by Quozl) |
||
(17 intermediate revisions by 5 users not shown) | |||
Line 9: | Line 9: | ||
The threat model for the OLPC XO running Sugar is discussed in the [[Bitfrost]] summary and in the [[OLPC Bitfrost|full specification]]. |
The threat model for the OLPC XO running Sugar is discussed in the [[Bitfrost]] summary and in the [[OLPC Bitfrost|full specification]]. |
||
NB: The ''authoritative'' version of this document is [http://dev.laptop.org/git |
NB: The ''authoritative'' version of this document is [http://dev.laptop.org/git/security/tree/bitfrost.txt bitfrost.txt]. |
||
== Design == |
== Design == |
||
Line 15: | Line 15: | ||
All software running on the XO could compromise the security goals of the XO users; however, only some of this software has been considered in light of the user's security goals and the Bitfrost threat model. |
All software running on the XO could compromise the security goals of the XO users; however, only some of this software has been considered in light of the user's security goals and the Bitfrost threat model. |
||
Some programs |
Some programs, classes of programs, and features that have received particular scrutiny include: |
||
; Activities |
; Activities |
||
: [[Rainbow]] |
: [[Rainbow]] deals with implementation and design of the activity isolation model suggested by Bitfrost. |
||
; [[Open Firmware]] |
; [[Open Firmware]] |
||
: [[Firmware security]] and [[Early boot]] discuss how we address the security considerations of the firmware-OS level. |
: [[Firmware security]] and [[Early boot]] discuss how we address the security considerations of the firmware-OS level. |
||
; [[Theft-deterrence protocol]] |
; [[Theft-deterrence protocol|Theft deterrence]] |
||
: [[User:Mstone/Commentaries/Security_1]] examines the security requirements of the ''first-boot activation'', ''passive-kill'', and ''active-kill'' features. Elsewhere, the impact of [http://lists.laptop.org/pipermail/security/2008-June/000441.html signature delegation] on theft-deterrence goals and security is analyzed. |
: [[User:Mstone/Commentaries/Security_1]] examines the security requirements of the ''first-boot activation'', ''passive-kill'', and ''active-kill'' features. Elsewhere, the impact of [http://lists.laptop.org/pipermail/security/2008-June/000441.html signature delegation] on theft-deterrence goals and security is analyzed. |
||
; Software update |
|||
: [[Software update]], [[Olpc-update]], [[OFW NAND FLASH Updater]], [[Nandblaster_for_XO-1]], [[Nandblaster_for_XO-1.5]] and others are programs for getting new software onto an XO. |
|||
: [[User:Mstone/Commentaries/Mass olpc-update]] discusses the interactions of [[olpc-update]] and the [[theft deterrence protocol]]. |
|||
== Contributions == |
== Contributions == |
||
Line 41: | Line 45: | ||
; organizing other people |
; organizing other people |
||
: Many people are capable of improving the security of their software but |
: Many people are capable of improving the security of their software but for the lack of some critical resource like knowledge, motivation, or criticism. Find and provide the missing piece. |
||
; spreading the word |
; spreading the word |
||
: Many of our ideas on software security are transferable to other operating systems and |
: Many of our ideas on software security are transferable to other operating systems and environments -- particularly to other Unix-like machines. Help port our ideas or software to another platform so that others can benefit from them and can help us improve them on their own terms. |
||
== Procedures == |
== Procedures == |
Latest revision as of 14:02, 8 October 2010
Introduction
There are many ways that children involved in the OLPC effort might fail to benefit from their involvement. Some of these educational failures stem from security threats such as laptop theft, software interference, or socially malicious pranks. Therefore, we have created a threat model, a number of designs, and several implementations that we think will help mitigate these threats. More information about these artifacts can be gleaned from other pages on security.
Unfortunately, providing truly dependable software is a challenging task at best. Fortunately, there are many ways that you can help out, both generically or particularly. Finally, if you are interested in speaking with security people, know that they are readily available.
Threat Model
The threat model for the OLPC XO running Sugar is discussed in the Bitfrost summary and in the full specification.
NB: The authoritative version of this document is bitfrost.txt.
Design
All software running on the XO could compromise the security goals of the XO users; however, only some of this software has been considered in light of the user's security goals and the Bitfrost threat model.
Some programs, classes of programs, and features that have received particular scrutiny include:
- Activities
- Rainbow deals with implementation and design of the activity isolation model suggested by Bitfrost.
- Open Firmware
- Firmware security and Early boot discuss how we address the security considerations of the firmware-OS level.
- Theft deterrence
- User:Mstone/Commentaries/Security_1 examines the security requirements of the first-boot activation, passive-kill, and active-kill features. Elsewhere, the impact of signature delegation on theft-deterrence goals and security is analyzed.
- Software update
- Software update, Olpc-update, OFW NAND FLASH Updater, Nandblaster_for_XO-1, Nandblaster_for_XO-1.5 and others are programs for getting new software onto an XO.
- User:Mstone/Commentaries/Mass olpc-update discusses the interactions of olpc-update and the theft deterrence protocol.
Contributions
You can contribute to the education received by hundreds of thousands of children this year by:
- writing software
- Review the documentation cited above, then bring your questions and patches to the security mailing list (subscribe).
- refining the threat model and mitigation strategies
- Did we miss an important threat (e.g. to privacy)? If so, please work with us to fix our model.
- Alternately, if you have expertise in a related field like sociology (what notion of identity should our software reify?) or criminology (the who/what/where/why/how of stolen laptops), please improve our theories and recommended practices.
- breaking assumptions
- Software 'security' is proven under fire. Here's your opportunity to crank up the heat.
- organizing other people
- Many people are capable of improving the security of their software but for the lack of some critical resource like knowledge, motivation, or criticism. Find and provide the missing piece.
- spreading the word
- Many of our ideas on software security are transferable to other operating systems and environments -- particularly to other Unix-like machines. Help port our ideas or software to another platform so that others can benefit from them and can help us improve them on their own terms.
Procedures
Some day soon, we'll try to write up some simple procedures to ease the task of making the security contributions described above. Ping the security list (subscribe) if you want this up.
Thanks
Many people, both named and anonymous have contributed to the security of software available on the XO and hence to the quality and power of the education received by hundreds of thousands of kids this year. If you or your organization would like to be recognized for your contributions, please add your name and affiliation to the Security credits page along with a brief description of what you worked on.