Syllable Forums
Syllable Forum Index -> Syllable Desktop

Technical Details

Author Message
orclev
Joined: 04 Jan 2008
Posts: 3

Posted: Fri Jan 04, 2008 3:35 pm    Post subject: Technical Details

I'm thinking about trying to start development on a new OS, but during the course of my research I came across Syllable and I'm curious about some of its technical details. On the surface it doesn't appear that the design goals I have in mind for my OS and the goals of Syllable are incompatible, although they do differ. Specifically, I'm interested in security aspects of the OS. What sorts of design decisions have you made that improve the kernel and applications security? Do you have any sort of signing on the application binaries, and what kind of permissions system do you employ? Also, is it microkernel, or monolithic, or some other flavor?
Kaj
The Knights of Syllable
Joined: 14 Sep 2007
Posts: 2204
Location: Friesland

Posted: Fri Jan 04, 2008 4:13 pm

It's a highly modular monolithic kernel. The system employs the Unix security model, although it hasn't been fully implemented yet. Someone has been working on a specific security infrastructure for the high-level system, but we have little hope of ever receiving it. If you want to work on security in Syllable, you're very welcome.
orclev
Joined: 04 Jan 2008
Posts: 3

Posted: Fri Jan 04, 2008 4:18 pm

I'm going to need to think about it, and also poke around in the source some. From the sounds of what I'm reading in other posts, a number of design decisions have been made at various levels that, although sound from the standpoint of trying to simplify things for users and developers, would make it difficult or impossible to implement the sort of robust security I'm considering. If I can see a way of reworking things to support the various security ideas I had without causing anyone a lot of grief (that is, breaking your goal of simple development/use), I'll let you know.
Vanders
The Knights of Syllable
Joined: 14 Sep 2007
Posts: 849

Posted: Fri Jan 04, 2008 4:38 pm

We'd be interested in implementing a simplified capabilities-type security model based on ACLs, but a full-blown capabilities model would probably be too complex to work for Syllable. Likewise, the idea of signing executables might be problematic, depending on exactly what you have in mind.

I'd be interested in hearing more of your ideas.
orclev
Joined: 04 Jan 2008
Posts: 3

Posted: Fri Jan 04, 2008 7:10 pm

Well, essentially the biggest problem concerning security that all OS implementations for the most part fail to address is preventing modified binaries from executing without user permission. A simple solution is to sign all binaries that have been authorized, and to prevent binaries with invalid signatures from running. The way I envision the system running is that part of the install process of the OS generates a random private key that's used to sign all binaries that the user approves of. The private key should be stored such that it's inaccessible from any non-kernel process, and it's the responsibility of the kernel to sign all applications. This of course leads to problems with genuine application patches, but I think that can be worked around by having authors generate private keys and use those to sign the original application as well as all authorized updates. Someone else mentioned an update application/service in another thread, and this sort of functionality could be built into that. Anything updated through that service that has an author signature that matches on both the binary and the update automatically gets signed by the OS as well, assuming the binary was signed to begin with.

As for ACLs/capabilities, I haven't given as much thought to that, but I do think a training-style system in which users are asked to approve, at a bare minimum, certain broad categories of actions would be a good start. An example would be the first time an application attempts to open a network connection: the user should be prompted to authorize that action either temporarily or permanently for that application. Assuming it's already using a custom binary format to handle signing, adding an extra approval block to store approved actions should be straightforward.

Of course all this adds a great deal of complexity and overhead, which is why I'm thinking my ideas are not a good fit for your project, which appears to be aimed at providing a simple system, whereas my primary goal is providing as bullet- (and virus-) proof a system as I can. Essentially, while your motivation is to provide an OS for the common man, so to speak, my motivation is to provide an OS that will utterly eradicate botnets and viruses, even if it imposes a certain overhead on both the system and the developer. I think in many ways the developers of Vista were on the right track, but they made some rather critical mistakes along the way. First and foremost among their mistakes is that they needed to maintain backwards compatibility with XP, which meant no matter how secure they made Vista, the old insecure applications from XP would still leave gaping security holes. They also failed, I think, to refine their security warnings to a level that is useful to the common person. Instead of asking for permission every time the application does anything at all, it should be only during particular operations, and it should be blatantly clear in the dialog exactly what the operation is and what dangers it poses for the user. They further could have improved the warnings by redesigning default permissions and application patterns to reduce the risk of certain common behaviors such as accessing disk storage. Each application should be allocated its own secure storage area, and only require permission to read and write files belonging to other applications or in other areas.

At this point I think I'm beginning to ramble a bit much, so I'm going to end this post. I hope this however gives you some idea of what I'm hoping to accomplish and where I'm coming from.
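The two mechanisms orclev sketches in the post above (a kernel-held install key that signs user-approved binaries and refuses anything else, author-signed updates that the OS re-signs automatically, and a per-application approval block for action categories) can be modelled in a few dozen lines. The following is an added example written for this page; it is not code from the thread's posters or from Syllable. It assumes a simplified in-memory "kernel" and a `Binary` record of its own; the install key is used only inside the kernel for both signing and checking, so an HMAC fits it, while the `AuthorKey` class uses HMAC purely as a standard-library stand-in for what would be an asymmetric author key pair in a real design.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Binary:
    """An executable as the loader sees it (constructed for this example)."""
    name: str
    code: bytes
    author_id: str
    author_sig: bytes                  # author's signature over (name, code)
    approved: frozenset = frozenset()  # approval block: action categories the user allowed
    os_sig: bytes = b""                # install-key signature; empty until the user approves


def _digest(name: str, code: bytes, approved: frozenset = frozenset()) -> bytes:
    """Bind name, code and approval block into one digest so none can be swapped alone."""
    h = hashlib.sha256()
    h.update(name.encode())
    h.update(code)
    for action in sorted(approved):
        h.update(b"\0" + action.encode())
    return h.digest()


class AuthorKey:
    """Stand-in for an author's signing key (assumption: HMAC keeps the example
    standard-library only; a real design would use an asymmetric key pair so the
    OS holds only the author's public half)."""

    def __init__(self, author_id: str):
        self.author_id = author_id
        self._secret = secrets.token_bytes(32)

    def sign(self, name: str, code: bytes) -> bytes:
        return hmac.new(self._secret, _digest(name, code), "sha256").digest()

    def verify(self, name: str, code: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(name, code), sig)


class Kernel:
    """Holds the per-install key and decides what may run (hypothetical model)."""

    def __init__(self):
        self._install_key = secrets.token_bytes(32)  # generated at install; never leaves the kernel
        self._authors: dict = {}                     # trusted author keys by id

    def register_author(self, key: AuthorKey) -> None:
        self._authors[key.author_id] = key

    def _os_sign(self, b: Binary) -> bytes:
        return hmac.new(self._install_key, _digest(b.name, b.code, b.approved), "sha256").digest()

    def _author_ok(self, b: Binary) -> bool:
        key = self._authors.get(b.author_id)
        return key is not None and key.verify(b.name, b.code, b.author_sig)

    def approve(self, b: Binary) -> Binary:
        """The user explicitly approves a binary: the kernel signs it with the install key."""
        b.os_sig = self._os_sign(b)
        return b

    def can_execute(self, b: Binary) -> bool:
        """Loader check: refuse anything whose install-key signature is absent or invalid."""
        return bool(b.os_sig) and hmac.compare_digest(self._os_sign(b), b.os_sig)

    def grant(self, b: Binary, action: str) -> bool:
        """First-use prompt answered 'allow permanently': extend the approval block and re-sign."""
        if not self.can_execute(b):
            return False
        b.approved = b.approved | {action}
        b.os_sig = self._os_sign(b)
        return True

    def may_perform(self, b: Binary, action: str) -> bool:
        return self.can_execute(b) and action in b.approved

    def apply_update(self, old: Binary, new: Binary) -> bool:
        """Update service: auto-sign `new` only if `old` was OS-signed and both carry
        valid signatures from the same trusted author. Approvals carry over."""
        if not self.can_execute(old) or old.author_id != new.author_id:
            return False
        if not (self._author_ok(old) and self._author_ok(new)):
            return False
        new.approved = old.approved
        new.os_sig = self._os_sign(new)
        return True
```

Because the approval block is folded into the same digest the install key signs, editing a binary's stored permissions invalidates it exactly as patching its code does, which is the property the "extra approval block" idea relies on. The update path shows the one place the user is not prompted: a new version is signed automatically only when the already-trusted binary and the update verify under the same registered author key, so a binary from a different author, or one signed with a key the OS has never seen, still has to go through explicit approval.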