OLPC and Security

The One Laptop Per Child (OLPC) project has an interesting take on building security for the laptop. Here is my list of why the OLPC is especially vulnerable to security issues.
  • 100's of millions of these near identical laptops will be produced, making it a target for crackers.
  • The OLPC group want the child to be able to hack their own laptops, get right down to the code.
  • Some of the children are going to be very young, entering a password or even replying to dialog prompts may be asking too much.
  • These devices automatically connect to each other and automatically connect to the Internet.
So what will they be doing to improve security? They have a system called Bitfrost, which comes from Norse mythology, where Bitfröst is the bridge which keeps mortals who live in Midgard from venturing into Asgrad, the realm of the gods.
  • Nearly all programs running on the laptop will be running in a fortified chroot, sort of like BSD jail.
  • Programs will store their data on a new object oriented filesystem. This filesystem will automatically keep backups and store different versions of the files. There are limits on what directories a program can read or write to.
  • Most programs can only access a file through a file open dialog. So a malicious program can't secretly read private data on the laptop without the user knowing about it.
  • There are limits to how many times a file can be written to per minute.
  • Network utilization will be limited for each program. Each program can have a different set of settings:
    • Network on/off restriction
    • Bandwidth throttling with burst allowance
    • Connection rate limiting
    • IP/port destination restrictions
    • Time of day restrictions
    • Server port listening restrictions
  • Each laptop has an id that is also held by the government. If a laptop is stolen the next time it connects to the internet it will discover that fact and disable itself. If the laptop doesn't connect after a period of time (say 40 days) it also disables itself until you connect to the internet.
  • The laptop will use the OpenId specification and will automatically authenticate the laptop for the child when going to OpenId sites.
  • When connected to a network that has a backup service, the laptop will automatically backup it's files there in a secure manner.
When the child uses the machine for the first time the laptop will create a public private key and store it on their filesystem. The private key won't be readable except through an API which the project is capable of enforcing, since it's a new filesystem. Programs that need to be able to read more files (like a picture viewer) would have to be digitally signed by the OLPC group to have slightly elevated privileges (at least that's what I understood).
They recognize that there are two kinds of ways of breaking into a computer:
  1. A user downloads a malicious program and runs it (thinking it's something else)
  2. A hole is found in an non-malicious program and a program can install itself via that hole
All program on the laptop will have the minimum number of permissions in order to run properly. So even if a program like solitaire is taken over, it can't do much harm since solitaire wouldn't have access to the internet or the filesystem - it doesn't need it.
Being able to brick a laptop that has been stolen should greatly reduce laptop theft (once the thieves learn that they can't use it or sell it).
I think it's great that the OLPC project wants the child to be able to hack their laptops. This forces them to think better about how to make the laptop secure. The knee-jerk method would be to lock the machine so the child can't do very much which would make the laptop far less useful. Older kids can even get a developer key so they can create slightly more powerful programs, but still security is not compromised. Good job guys.

Comments

Post a Comment

Popular posts from this blog

Shortest Sudoku solver in Python

Mark Byer's site has some more Sudoku solvers here's a short one in Python that's only 178 bytes long: def r(a):i=a.find('0');~i or exit(a);[m in[(i-j)%9*(i/9^j/9)*(i/27^j/27|i%9/3^j%9/3)or a[j]for j in range(81)]or r(a[:i]+m+a[i+1:])for m in'%d'%5**18] from sys import*;r(argv[1]) On the site is also shown a longer Perl version at 185 bytes: use integer;sub R{for$i(grep!$A[$_],@x=0..80){%t=map{$_/27-$i/27|$_%9/3-$i%9/3&&amp;amp;amp;$_ /9-$i/9&&($_-$i)%9?0:$A[$_]=>1}@x;R($A[$i]=$_)for grep!$t{$_},1..9;return$A[$i]=0} die@A}@A=split//,<>;R I think the Python version is slightly easier to understand, although they are both quite cryptic. I'm not sure why I find these programs fascinating. I think it reminds me that any program can be written in such a way that it's cryptic, even in Python. In addition, the code is small enough that you should be able to figure out how it works, and may learn something the process. Related is
Read more

Seven Segment Display in Inkscape

Image
Today I got a little sidetracked while working on my key-train (keyboard training) project.  I thought I might spruce it up a little by using a seven segment display for the digits (say for the words per minutes), similar to what kTouch has.  I found an open source font, but it appears to be difficult to just use a ttf font in GTK. So I figured, it's only 10 images, I'll just make them in svg. I vaguely remembered a heathenx inkscape podcast  describing how to make an LCD display and decided to use that at my base. Unfortunately, they didn't provide any source files in the show-notes (as far as I could see) so I had to watch and redo the drawings myself! By naming each of the seven segments I could create the 10 digits simply by deleting a few elements in one template svg file .  I can create the template as beautiful as I like and quickly create the 10 derived images with these programs . Unfortunately, both ImageMagick and GraphicsMagick don't handle
Read more

Dot to Png

Image
For fun I wasted some time creating diagrams using the dot language. It's pretty fast to get a diagram out, except that there are a lot of things you can't do, like make shadows or rounded and filled rectangles. With this dot code: digraph "User Clicks" { node [ shape="rectangle" style="filled" ] server [label="Server"] java [shape="ellipse" label="Java\nCode"] provider [label="Service\nProvider"] browser [label="Firefox"] browser->server[label=<&#9312; AJAX Sends Session ID>]; server->java[label=<&#9313; Confirms Session ID>]; java->provider[label=<&#9314; Makes HTTPS call>]; provider->java[label=<&#9315; Results>]; java->server[label=<&#9316; Results>]; server->browser[label=<&#9317; Results>]; } You can click on the image to see the SVG rendered in Firefox, if you use that. I wrote a little python program to call t
Read more