Thursday, August 04, 2005

I Will Be Out of the Office

I haven't blogged in a long time. I guess I should have caught up with this blog with the recent goings-on, specifically the OK to commit that a cleaned-up version of ProPolice, the IBM stack smash protector research project, got from the gcc mailing list.

As of late I've been working and not working (depending on mood) on a paper about designing a secure and user-friendly operating system. Between this and Star Ocean, my time is occupied with little news to put up here. I'll probably post a review of a book I read earlier, a nice piece for those interested in learning exactly how security attacks happen.

As for my paper, who knows how long that will take. It revolves around the proven work of the PaX, GrSecurity, ProPolice, and Hardened Gentoo projects, to name a few. From the opening:

"Defining a Secure and Friendly Operating System" is a general reference plan for designing a secure Linux distribution. The concepts in DaSaFOS are not aimed at creating a specialized operating system; but rather at creating a more generalized system which can function as a home user's desktop with high quality security and excellent performance. DaSaFOS brings together existing concepts and projects to describe what can be done today to make a more secure system.

There is much work to do. After finishing and publishing DaSaFOS, I will begin the basic design documentation and begin the search for funding. The pax-future documentation for PaX gives insight into a post-next-generation technology that would be interesting to research into and implement; by no means is current-day technology, even that unimplemented, feature-complete.

One major strategy is to design an online, inline information delivery system to educate the user on-the-fly as to proper security practices. As ridiculous as this sounds, OSMOSIS or Online Simple Memoranda Offloading Secure Information Strategy is the name of the subproject I will eventually create to pursue this effort. By feeding the most important information in the simplest form to the user utilizing a non-invasive, non-intrusive, attention-grabbing interface, the last end of security can be held up. Any user can break his own security, and so our final efforts will be to teach them not to.

