The Iron Yuppie

Thought[ful|less] coverage of news, politics, technology and anything else that catches my fancy.

Thursday, January 27, 2005

 

Coyotos Secure Operating System

Coyotos Secure Operating System via Slashdot

I see this kind of thing all the time, and not just in software. "Blah is broken; we need to totally rewrite/rerelease/throw-out the old version of blah!" I'd like to quote Joel on Software here:
[They made] the single worst strategic mistake that any software company can make:

They decided to rewrite the code from scratch.

Don't throw away, reuse! I was a big fan of this theory in '99-2000 when I was the CTO of a company and yet when the VCs came in and said throw it all out, I did! Never again (he says with ominous sounds in the background).

To the point at hand, as an intellectual exercise, this new "secure" operating system is interesting. But you will have no users of it except in very limited custom applications, you will have no apps for it and, more importantly, the time spent designing this operating system from scratch would be much better spent on securing (either in code, or through procedures) existing operating systems. Linux, MacOS, Windows XP, etc. all have the ability to be far more secure than you would ever need, and the only reason they are or are not is because application vendors need a little insecurity or else it would be brutally hard to run ("You just double-clicked an application that has not been dual-signed by two trusted parties; would you like to run it?").


Comments:
Generally speaking, of course, Joel is correct. But every once in a while you learn that the model that a piece of software implements genuinely is broken, and you're left with no choice but to revisit the architecture. If the state of the art in software development were more advanced than it is, "revisiting the architecture" wouldn't mean "rewrite," but here we are.

So why a Coyotos? The reason is that it's an object-capability OS, and only object-capability security addresses two major flaws in the traditional ACL model that Windows, Mac OS X, Linux... use. They are the Confused Deputy Problem and the Grant Matcher Puzzle. The overwhelming majority of security issues that Windows exhibits are of the Confused Deputy type.

You can indeed paper over a lot of the issues in Windows; see Polaris: Toward Virus Safe Computing for Windows XP (PDF) for an initial attempt. But pay careful attention to the limitations and consider the costs that this approach imposes in the form of installing an external "shell" and the overhead of some of the file-copying operations that it performs under the covers.

So while it's true that something like Coyotos isn't likely to ever become mainstream, what will hopefully happen is that it will inspire the Microsofts and Apples and Linus Torvalds of the world to migrate from ACLs to object-capability security in future OS releases.
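The Confused Deputy the commenter names, as an added toy illustration (not code from the post, from Coyotos or from the Polaris paper; every name in it is hypothetical): a compile service that writes output where its caller asks, first checking only its own ACL rights, then accepting a write capability that the caller must already hold.

```python
# Added toy illustration of the Confused Deputy (hypothetical names; not code
# from the post, Coyotos or Polaris): a compile service writes output where
# the caller says, first under ACL-style ambient authority, then with caps.
FILES = {}   # constructed in-memory "filesystem"
def reset():
    FILES.clear()
    FILES.update({"billing.log": "charges so far", "home/alice/out.o": ""})
# ACL model: rights hang off identities. The deputy runs as "compiler", which
# legitimately needs billing.log to record usage charges.
ACL = {"compiler": {"billing.log", "home/alice/out.o"},
       "alice": {"home/alice/out.o"}}

def acl_compile(caller, output_path):
    """Deputy checks only its OWN rights; it cannot tell whether the caller
    was entitled to name the path it was handed."""
    if output_path not in ACL["compiler"]:
        raise PermissionError(output_path)
    FILES[output_path] = "object code"   # clobbers billing.log if so named
    return output_path
# Capability model: the caller hands over an unforgeable write handle, so
# designating the output and authorising the write are the same act.
class WriteCap:
    def __init__(self, path):
        self._path = path
    def write(self, data):
        FILES[self._path] = data
WALLET = {"alice": {"home/alice/out.o": WriteCap("home/alice/out.o")}}
def cap_compile(output_cap):
    """Deputy holds no ambient rights; it can only write through the cap."""
    if not isinstance(output_cap, WriteCap):
        raise TypeError("output must be a WriteCap")
    output_cap.write("object code")
def run_acl_demo():
    """Alice, who has no right to billing.log, names it as her output."""
    reset()
    acl_compile("alice", "billing.log")
    return FILES["billing.log"]          # "object code": billing destroyed

def run_cap_demo():
    """Alice can only pass caps she holds, and she never got one for billing."""
    reset()
    try:
        cap_compile(WALLET["alice"].get("billing.log"))   # None -> refused
    except TypeError:
        pass
    cap_compile(WALLET["alice"]["home/alice/out.o"])     # legitimate output
    return FILES["billing.log"], FILES["home/alice/out.o"]
```

In the ACL version the deputy's own access list is the only thing consulted, so any file it may write becomes reachable to any caller; in the capability version the caller's wallet bounds what it can even designate.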
 