Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


How Do You Secure 100 Million Laptops?



 By: Ryan Naraine
2006-10-12
Article Rating:starstarstarstarstar / 0


There are 1 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. How Do You Secure 100 Million Laptops?
  2. ' Page 2 '

Rate This Article:
Poor Best
How Do You Secure 100 Million Laptops?
( Page 1 of 2 )

The One Laptop Per Child project will create the largest computing monoculture. Now try securing it.If the plan is perfectly executed, Nicholas Negropontes One Laptop Per Child project will deploy 100 million laptops in the first year. In one fell swoop, the nonprofit organization will create the largest computing monoculture in history.

Wary of the security risks associated with a computing monoculture—millions of machines with hardware and software of identical design—OLPC foundation officials are seeking help from the worlds best hackers to review the full specifications of the $100 laptops security model.

"This is an enormous challenge for us," said Ivan Krstić, director of the security and information platform efforts for the OLPC project in Cambridge, Mass. "Security for these machines is hands down the hardest thing Ive ever worked on."

One Laptop Per Childs CTO explains how new display developments are bringing the $100 laptop closer to reality. Click here to read more.

Krstić has spent a large portion of 2006 slipping into security conferences around the world, schmoozing with hackers, trying to recruit computer security experts to look at the design and threat model and provide useful feedback.

Resource Library:
"We want hackers to get in touch, look at the documentation, play with the machine, and try to break into it. We run the risk of getting parts of this wrong and thats not something we can afford," Krstić said in an interview with eWEEK.

A former director of research at the Medical Informatics Laboratory at Zagreb Childrens Hospital, in Croatia, Krstić said he is well aware of the dangers of the monoculture. "If this succeeds, well have created the largest monoculture in the computer industry. To answer whether thats scary or not is a nontrivial question. The security implications are deeply frightening," he said.

The overall design goals have already been released to OLPCs security panel for review, and Krstić plans to publicly release the specs to generate feedback from the open-source community.

Krstićs team has already pinned down the security policy and threat model for the BIOS, the built-in software that runs when the machine is turned on. The machine, he said, will feature a completely secure BIOS solution that allows fully automatic upgrades without user intervention and fully protects against phishing and automated worm attacks.

"Many of these kids will have never seen a computer before; they wont have a clue about computer security. That means that a lot of mechanisms in computers today just wont work for them," Krstić said, stressing that everything on the laptop will be open by design and will not rely on passwords for authentication.

Four countries commit to buy 4 million OLPC laptops. Click here to read more.

"One of the main goals is to provide unobtrusive security," he added. "Were doing security in a way that doesnt depend on the user reading or responding to a prompt on the screen."

The key design goal, Krstić explained, is to avoid irreversible damage to the machines. The laptops will force applications to run in a "walled garden" that isolates files from certain sensitive locations like the kernel. Even if the computer is damaged, the security model calls for a trivial reinstall of the operating system to put the machine back into full functionality.

Despite the security fears, Krstić is optimistic OLPC has a few aces up its sleeve. "We dont have backward compatibility on our list of concerns. Thats a huge advantage," he said. Without having to worry about existing applications, Krstić said OLPC can actually define the security policy for every piece of software built for the machine.

"We can tell people, If youre developing software, this is the policy," he said. "We dont have to worry about thousands of apps that will retroactively break. It gives us an enormous level of control."

Still, there are crucial security decisions that are still up in the air. For example, the group is still brainstorming about whether to include automatic updates by default. Krstić is leaning toward implementing automatic updates, but, ideally, if the security model holds up, he expects OLPC to have a level of isolation between the operating system, applications and user data that will reduce the need to issue lots and lots of updates.

"If we discover vulnerabilities, the security model must hold up enough that even a machine that is unpatched wont be easily exploitable. This gives us a bit of diversity to avoid the monoculture trap," he said.

Next Page: Automatic updates a "tricky" issue.





  Reader Comments: How Do You Secure 100 Million Laptops?
>>> Post your comment now!
Laptop security
Buy one of these ;) [url=http://www.arengineering.co.uk/under_desk_laptop_security_pc_computer_tower_hanger_cages.html]They fit under your...
Posted At: 01-01-09
By: Anonymous
>>> Post your comment now!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r۸j9km]mGJɶheyYJ<:U*$)h欟/Oo<xӅl';NŖ4F7?Hpur&skj΢>w߽ [f8mTE[\ߤ~Am;t =4mMFNHB~}@~sf7D%x_'Щ=ѩ&€wɔZiКoلؗ>}~qb .pvLQm_Q$Ё_M¦%#xERzGGEQ}&k[1tUN(T|0tgL'þ=a>"e%k4݋ʏIGO(0{sو&lXaV|]kU[_oGK'^CM[CEC0ʡ"1p;|jio]}8蜒$7SY>_;Be}Y 4ӗ?g,Y`M`IhL2Xa]NЎ2ߜ!o4C+D_x0Nukn5 @̀kifkPXTA5@N)51rkM`3R蕦iK3_^*-ͿEh+bԜөɛ!"ƈO9x|!XsI((G&μlOyx.zY[5'jdamE՘iH .Cu&vk}FW~?u~]T364>H ,I!eݴ%V&cW*P\?.Ëʡb(7ZdL,1,{Ltp6 0hv?3Ϩig89ytDAG61^zK" ,70}Hg@zqI $wX8}ZsO6/|Ta֌^I$>6Z\?` VCfB뎂9{׿ergm͠A(oMnHX^0{@`^@48`88ʼE]uCbB=ٚ閭,L<ħܠ~C|#s\(L7^"32)%%E2 EEKi@$ $h-4O`r.,lbo(?HXVpD*m'8.܉;T+ϕ2ڹ&3,ЂW-Kїtfd(=?n1!UG ,D`v9r,L.Y O6JԭyrY9ִj>Ӵ7=[KܺyOm,@EL$%\EwTgtt?{\ύ!7!q"% t0x>h3Vh9N) ./ a SnRg9X0N-cJb+p5(Bk?f P=6`=϶Y$tP:%qK{:9A7ÚLGQG+oo7 =p ؇#UV3_I<2pGҶ-o ?W*|z[.z8؍8r!O5kb$`CO <y"N6{ kk&㓫(\=P=Дfkb*q (uP\O ō4BЊOW}?ٲZdY6 V7v/KR9_LR[kҁ rLZԵ1 E$$"Y `}.eOqHLīd-m7D=t=ƠnP jrIjS#W4E%:,Wfn  ()r?-j5 sXS;hM>vI{L3ϐ쀡r }ϯmj+@oLrCm0 ǖ "^lB;_=1VW}PZ`!?ՊRR4' q/#Y /m0ܱk}>bDugAPOKC@ @Mqέ3pPS@ bN,(t=(U+/{y@٘*# k Bo`" 2l3sG/.fts݉M% i4Q.)J5E` L] T< ty; :6. 3H#60/`k@/ /QPHWkX ±tбթ6=,JI:NdԘ>S7Ϗ9(ghW9d*GHV/ЪZZ͎^=>yP2z4b&c1о|6Œu+lm?`gV`pl1\EAPB lܓ~_3_?K} [L޴@V1g`{7=;#[4Q5rRd2y6PC*lZǐlwBO/'WAJEVK`zEZ%y HǞ1]]2Y֘y֩4>ʐkhG2gdYrHUm{\ cw2|ULպĮOm8oyJu8e3 S`e3*~g~hKJ]ad|?T\S=@V:M|ݤ1p NM4 HNJRDuATݴJZV7O \J9 ^M L%Kf?lͥZ5?g D~sBx@erIMYI {QK #nK-%.O@ހذ:zfSnio.ZZx\ XLh;}X^5MdX$fPq+ZP@iuI+KZ̡2a{V$}? \EI's3ҿn BDoSwgusć) R#Zִ2Hw ضVU 'DiqC` IZVS"YK@rvzJ5+ ePexp|{W !&1ǷWXL]tKMF@"'!M43,`jRUܘό&~>VW_&/!(0H_dhmdU]uv@ޏ.cﻛ)ilw9[ŧ#ͥ`L̴M\gwh^PD(Vp)c㻞Pa*/q)y8zd2 ,fJfyӼ2iɜAxl7B_7nC\pb_cAcqU~(TR/fO"J麇9S]MU,^RRMJ>\_$k" h6`#Fm`"fsME[k\HnB0Ck.ExOGMRiY6=l%Z)E45ye>kEysD43 [W},舵5ZcJZJ`9D)u& 澃rB.FA<큿|F`_.kO vDrt겳xښs[WE,hanH̥(b@l3D\,SXrc2Wࡩr?Lh%Os * o򌂯kir7)䄇&%-:> :K2jb^-$> &ĖJZ9wB8NymY첎dBV>Jގ㣒mS@nk5)XR10f}tRwԦa&+oRVIgɛ!UCBz7gN~roꈬV"'gHNgX2)D,/3 5x;lP > qs&IRemLSUR|q}<,h; eLmL+}!$6 ~+FםaTһ)- 5W9]sՌ(K#„hD9g{egI!ZFuI8s%@YS' :"h@|HD@ǷKIae}4%}.o9vVo_|UI:}-hM9 ?ʼn#zm6"G 0`yi>bNw鹦erIt%7XAKJZSr Gjo`p^A<iYňۉx%U݁x.+D:өΨKQuMX*T n6%=TCJ"-Nzdʀ. %pK^~]nKK]oai0@ܳd9`@ZZQHRUD F\ BFmܲꗦ(kjS=A m+zu>slIfg|XER j!EXgmG-Y՞D&930Enl9" :H޸aJ嚢j9CH0$H"@z2>"T>ί~ ϷgsIՙr=%Vbp/-`X.,|v@>s!"A$ D\p,/%~OxyK}!KWtɘ-G .{xxwӐOxP |->I9d0Dπ況.䑨/Yvxq')ԊuP8c{iht[.,:$ 8eRo)ɰKC$! aq$ YЯ;."4Tgk"(yzCjn,MKGR?43 I]v͋]{W\}iW I7_A(a $=6ϢuU;EN{mYï^|LAk3"A[of6௶eula}&$^gj$/*淵qdE;u^)Kjhk;5̺ ^D7؆_?MFTˬRDEQ3 ƹ);{/bb,k֖|*P25QzT+opCA$*Ih=EOaI|`u1 נ)8weRɏT|ׂƫҞ_VCھ%Y4 d^Lm/#INO=XL 3;(t3dH c"8 3{Crpя"u@9 euTZWIYc3+s/g'[?I%4&+uP$(o8. 2â>&L1Vͦ* 0i6!:6M]{Sz@~RJ~/`EKLOAGq副bL3-?(p k/GI'Hr QD<D Q>*F]{N9-( oϩ~;T-8 YWSxX3CvmIrzˣa1 #ʵmq|=Dy6q.@ؕM e9L XWj*bdfiAh!Fv={Kb++6Q{F$Iяhkjj5v5V^"x71akzzF-?xǍE/]Q|~4.2dR  /)/˛i~p\+CFm.93͒EˉntCSs95 T)z~Ar)XZJ,w%[dox?Bք0XtL'f|Qbۣ*TH5ip ?b\i zM`s `C~<VzZ3ZOklP;Xif˸yJ)~,y-JYթn[lݹ]}=!5ITap}jh TӴHdm]TϱVR*jZ?";М } <sXd[Mw=;(;Rsd),7|ޝ+j߶$|pTfs' "gt~NL݆$õnOt@EP]_`9r}{Ω03r1S %'{+. L6mEUk)ַg%;ڥ]baYL &N肼ݱX.?Da|G,_ۄz!|#&#lEY6pt@#/t1цݠ_ČVS\>fFkYAcˠO׈1h 1"TЭB9Ϫ͒;IoP}sY?e=a '2u?|߽[!g>Nm~ChM-ã||U:k|%wRWlϦ!ˈOl~:NSt#?*)ځU^Ϟq4-cWldb$YQ" p4,Xչ E{0h_*K(p(-$ vu? ť7$juH ]\W 3s x7tT$le!.к|U/~m#k^Kʑf촏ho~+J ՝chTpjd5"&t85Aߟ}>K1% aAr!˖ۈ) csSӖ|B(1A||u#D[?b 6C;b<1cbHc7]J3*RGƠ9vqU@y+DD͂z![C򽉑:y~9s)aR;:DQ@<P 4'<,mq7,zoj Bp),f,՚RD&u]Cu]j%u_]À= YU^&"ߋӔ\ BI] / (HZ W}GCHIPu0՝3<.>5iv?O;WN/z7xf Zӷhlԝs;tڻt޹l_]w.&hL_ }mPo$efvʜTx)B*r<@;Y9)ureN9OPisȁڮ͙.3.vstsӅwsg賛Cȣ9sC@?rʻP)̙K̙ȟ^|ȗ+r޿Ρ>3>3 @/?}}ȡP11g|sw7y@79{wCi]'I9z[9|ֺ…۩INy<ɡJE5ৼrXB]By<*PC/nr ثV=ןbMexG,E<mcLkbžȁ`T %ܻGzʉnS'\2A4̎lOAp^Dw9Mw[0`\p|bOCvHu1jk|(O*8y:RMw ߽,R+tCc,~(NBhعkjzG|bpO/4psn ߛ 94l HGRiejRߓNx1Ux@Dd1| ̈ɪ"+uw9 8]V*r `"! *s>P`26UF` Ԋz!J1 =4`֭tK/1;BDO"OӉ74;fCWe",eƋaSOp$v@0~Y8P&`)؞.F^G$(w `9ǤK4l!%KlŜh'b#']gV&L~,O~f+g-cUrߡQ'C)<:,ed` tOHW$KE|&߲)tφ- T/ADlZe CAx`XC-['lyjb)m+H6hHN,6zo7#+fUx/C4t_sA{疣;*عeUhJm;9uh2֭0kc'pG!-XwVulם@# d9e7s1$(+nOvGT '>5'ك|4hM@(ْ0F/?Fq:l/ASl2qc[<@WD0;"Yc"sEX,8/# uf㿞{w>E}2\Dxkyf%3+~`[wt-(5x2;nGLe(|_a[0~OX+JbA<\n2?>%i3|@ }( of465`y+@4W pS`hp#1uBR(cto@ U!?c]'nFQXƦi#]QaW:6 6n Mߩn®,0tG؅nl`Txq;s_08V0|>,lp/>CwϏq`2[﮳~ηpA}k\,,L[뙗Z']YE!hXj=E"O q~ fK#fY [Rj`n~3 4pRaL  b[иˣŬ"&D0Ȯ'R:rsh{h۟sT*Ba$!R3 Ej F.t3\048`yb3Sq2JѬod;j 9әd_yfȅv1,#6 7E{b5`!ˁtv.>J`ggί>!2T!6xvњE:?#[7nyIw׽gRTF^ZP$DY; AHcZggwxY޿a*XEClś|`bhPgr09dv?,qg;f¦[HXFIkkj0HݖZ)