Security: Difference between revisions

From OLPC
Line 1: Line 1:
== Introduction ==
Security on and around the XOs includes

* the [[Bitfrost]] security model and [[OLPC Bitfrost|full specification]]
There are many ways that children involved in the OLPC effort might fail to benefit from their involvement. Some of these educational failures stem from security threats such as laptop theft, software interference, or socially malicious pranks. Therefore, we have created a [[Security#Threat Model|threat model]], a number of [[Security#Design|designs]], and several [[Security#Design|implementations]] that we think will help mitigate these threats. More information about these artifacts can be gleaned from other [[:Category:Security|pages on security]].
* [[Firmware security]] -- how [[Open Firmware]] interacts with security

Unfortunately, providing truly dependable software is a '''challenging''' task at best. Fortunately, there are many ways that you can help out, both [[Developers|generically]] or [[Security#Contributions|particularly]]. Finally, if you are interested in speaking with [[security people]], know that they are readily available.

== Threat Model ==

The threat model for the OLPC XO running Sugar is discussed in the [[Bitfrost]] summary and in the [[OLPC Bitfrost|full specification]].

NB: The ''authoritative'' version of this document is [http://dev.laptop.org/git?p=security;f=bitfrost.txt;hb=HEAD;a=blob bitfrost.txt].

== Design ==

All software running on the XO could compromise the security goals of the XO users; however, only some of this software has been considered in light of the user's security goals and the Bitfrost threat model.

Some programs or classes of programs that have received particular scrutiny include:

; Activities
: [[Rainbow]], [[Taste the Rainbow]], and [http://dev.laptop.org/git?p=security;f=rainbow.txt;hb=HEAD;a=blob; the Rainbow design spec] deal with implementation and design of the activity isolation model suggested by Bitfrost.

; [[Open Firmware]]
: [[Firmware security]] and [[Early boot]] discuss how we address the security considerations of the firmware-OS level.

== Contributions ==

You can contribute to the education received by hundreds of thousands of children this year by:

; writing software
: Review the documentation cited above, then bring your questions and patches to the [mailto://security@lists.laptop.org|security mailing list].

; refining the threat model and mitigation strategies
: Did we miss an important threat (e.g. to privacy)? If so, please work with us to fix our model.
: Alternately, if you have expertise in a related field like sociology (''what notion of identity should our software reify?'') or criminology (''the who/what/where/why/how of stolen laptops''), please improve our theories and recommended practices.

; breaking assumptions
: Software 'security' is proven under fire. Here's your opportunity to crank up the heat.

; organizing other people
: Many people are capable of improving the security of their software but they some critical resource like knowledge, motivation, or criticism. Be a matchmaker.

; spreading the word
: Many of our ideas on software security are transferable to other operating systems and environment -- particularly to other Unix-like machines. Help port our software to another platform so that others can benefit from it and can help us improve it on their own terms.


[[category:security]]
[[category:security]]
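
Review bot: The mailing-list link in the "writing software" item is malformed: `[mailto://security@lists.laptop.org|security mailing list]` uses a pipe between target and label, but MediaWiki external links separate them with a space, and a mailto URI takes no `//`. As written, the link target ends in `|security` and only "mailing list" is shown as the label, which matches the rendered text below. Suggest `[mailto:security@lists.laptop.org security mailing list]`. In the same revision, the "organizing other people" item is missing its verb ("but they some critical resource"), and `[[category:security]]` appears twice at the end of the page.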

Revision as of 00:01, 7 August 2008

Introduction

There are many ways that children involved in the OLPC effort might fail to benefit from their involvement. Some of these educational failures stem from security threats such as laptop theft, software interference, or socially malicious pranks. Therefore, we have created a threat model, a number of designs, and several implementations that we think will help mitigate these threats. More information about these artifacts can be gleaned from other pages on security.

Unfortunately, providing truly dependable software is a challenging task at best. Fortunately, there are many ways that you can help out, both generically and particularly. Finally, if you are interested in speaking with security people, know that they are readily available.

Threat Model

The threat model for the OLPC XO running Sugar is discussed in the Bitfrost summary and in the full specification.

NB: The authoritative version of this document is bitfrost.txt.

Design

All software running on the XO could compromise the security goals of the XO users; however, only some of this software has been considered in light of the user's security goals and the Bitfrost threat model.

Some programs or classes of programs that have received particular scrutiny include:

Activities
Rainbow, Taste the Rainbow, and the Rainbow design spec deal with implementation and design of the activity isolation model suggested by Bitfrost.
Open Firmware
Firmware security and Early boot discuss how we address the security considerations of the firmware-OS level.

Contributions

You can contribute to the education received by hundreds of thousands of children this year by:

writing software
Review the documentation cited above, then bring your questions and patches to the mailing list.
refining the threat model and mitigation strategies
Did we miss an important threat (e.g. to privacy)? If so, please work with us to fix our model.
Alternately, if you have expertise in a related field like sociology (what notion of identity should our software reify?) or criminology (the who/what/where/why/how of stolen laptops), please improve our theories and recommended practices.
breaking assumptions
Software 'security' is proven under fire. Here's your opportunity to crank up the heat.
organizing other people
Many people are capable of improving the security of their software but they lack some critical resource like knowledge, motivation, or criticism. Be a matchmaker.
spreading the word
Many of our ideas on software security are transferable to other operating systems and environments -- particularly to other Unix-like machines. Help port our software to another platform so that others can benefit from it and can help us improve it on their own terms.