Europe funds secure operating system research - luckystrike
http://www.itworld.com/operating-systems/67026/europe-funds-secure-operating-system-research

======
asciilifeform
Reminds me of this:

[http://unqualified-reservations.blogspot.com/2007/07/my-navrozov-moments.html](http://unqualified-reservations.blogspot.com/2007/07/my-navrozov-moments.html)

 _The lily needed no gilding at all, and it certainly did not need to be
nanofabricated from isotopically pure, individually selected gold atoms.
Academic CS researchers at the time, for whatever ridiculous reason (probably
something to do with microkernels), thought that there should be many more
fine-grained security transitions in an OS environment. In fact if anything
the trend is away from multiuser computing and toward virtualized or "shared-
nothing" designs in which communication between protection domains is
minimal._

------
tptacek
Research needs to go into secure programming environments, not secure
operating systems. The vast majority of horrible security flaws never come
within a mile of the kernel.

~~~
Agent101
The point of secure operating systems is not to reduce the number of flaws in
the kernel. It is to make the authority gained by exploiting any single
program minimal. So it should make flaws less horrible.

~~~
tptacek
When I said "miles away from the kernel", I meant that the opportunity for the
kernel to address problems in the application layer is minimal. There's
little the kernel can do to, say, make SQL Injection less horrible.

~~~
Agent101
Personally I consider the fact that a random downloaded game, when run, could
by default delete all your personal data a pretty big security flaw that can be
dealt with at the kernel level.

So we have different meanings of security flaw. Probably because you are
thinking of the security of a website, where I am more interested in securing
the average user's PC.

~~~
tptacek
Read Dan Bernstein's retrospective on qmail, where he essentially disavows
"least privilege" controls on his programs (which were the heart of his
security model). Modern operating systems all offer some degree of privilege
revocation and code-level access control; none of them get used, because users'
needs are too complex.

If a dent is really going to be made in this problem, it's going to happen in
Flash Player (or its more recent analogs, like Google NaCl).

~~~
Agent101
I'll grant you that current (and most proposed capability based) security
systems are too complex for the user to manage.

However the question on the table is research. We should be researching
security models that don't rely on the user to manage the complexity.

------
emsysman
The title says that funding is for secure operating system research. The
contents seem like it's for making Minix better. I am very skeptical about an
operating system that fixes its bugs. It may become one more Multics project.
Though the microkernel looks really good in theory, neither Minix nor Hurd have
taken off like Linux or FreeBSD.

~~~
eru
Anything new about exo-kernels?

~~~
wmf
They got renamed to hypervisors. One of my coworkers is still being funded by
DOE to do libOSes for HPC.

~~~
eru
Thanks.

------
Agent101
Research needs to be done into better operating systems, but I don't think it
is worth implementing too much of them.

Minix, from what I have read, isn't going to be a sufficient enough advance to
get the man on the street to adopt it. For that to be true it would have to be
significantly easier to manage. While he advocates the principle of least
authority, he isn't currently innovating on how that authority gets passed on
to the programs. A lack of mechanism generally means it is up to the user to
do so, which puts some workload and cognitive effort on the user.

------
gaius
So that's €2.5 million for 5 people for 5 years. Assuming they already own
computers, that's €100,000/year each, and they don't even need to produce
anything at the end of it. Nice work if you can get it!

Remind me again why we're a member of the EU?

