[OHSW.org] Talk Proposal: A Spying Resistant System

Neal H. Walfield neal at walfield.org
Sat Nov 2 14:24:19 CET 2013


Hi,

Following Nikolaus, I'll write in English.

I'd be interested in holding the following talk:


A Spying Resistant System
-------------------------

In Kafka's "Trial," the protagonist is charged with a crime.  Exactly
what the crime is, he is told, doesn't matter: he has certainly done
something wrong and the government will figure it out soon enough.
Recent revelations by Snowden show that this dystopia may be much closer
than even many privacy advocates suspected.

In this talk, I will outline the architecture of a secure system that
can protect users from this type of attack.  There are three essential
components to such a system: open hardware, a secure operating system,
and a secure communication system.

We need open hardware to ensure that we can control the system.  We
need to be able to know that the modem and mic are really off when we
power them off and that the modem is unable to interfere with the
operating system.  We also need open hardware to ensure the long-term
viability of the project: big manufacturers retire hardware far too
quickly and provide little support, if any, to OS developers.  GTA04
appears to be an excellent solution.  Indeed, it may be the only
option at the moment.

We need a secure operating system to ensure that programs are only
able to access data that the user intends that they access and are
unable to influence other programs unless the user explicitly
authorizes it.  Unfortunately, Linux dramatically fails to provide
mechanisms to ensure this.  Instead, we propose the use of a
capability-based operating system, which allows the fine-grained and
dynamic delegation of authority without the complexity and
inflexibility of systems such as SELinux.  For this, we are
investigating the use of Genode [1], a commercially supported, FLOSS
operating system derived from the L4 microkernel.

Finally, we need a secure messaging system.  This must not only
encrypt a message's content, but it also needs to hide the message's
metadata, in particular, the sender and the recipient.  For this,
Dissent [2] appears appropriate.  For other traffic, we need to route via
Tor by default.


[1] http://genode.org/
[2] http://dedis.cs.yale.edu/dissent/
