A "Secure" OS made PRACTICAL

I can remember suggesting a theoretical Operating System that requires object code to be compiled in such a way that a decryption key is required for a program object to execute. The program object itself would execute unencrypted in RAM. 

I cannot find the entry at the moment, but I have also suggested an OS that uses an RSA key for program installation.

Separately, I have contemplated a Linux user, organized such that the encrypted home folder appeared as an UNMOUNTED container over IP, while operating as a MOUNTED container locally, for the profile user. This would defeat some purposes of SSH, but would harden the installation against data theft over IP. 

Now, with the development of an offline username/password for a program, I am asking myself if I cannot effectively suggest a practical (as opposed to theoretical) arrangement, whereby the program presents a credential (or two - username/password) to the OS, for permission to execute.

Clearly, multiple program objects with OpenDRM or Distributed DRM executing within the OS, would be independently secure, but this would NOT block a trojan worm from executing malicious code.

I do not want to forget T(erminate) S(tay) R(esident) trojans, but these would necessarily "die" at reboot.

Mostly, malicious code is only executable with stolen profile password or stolen (escalated) admin authority. If a Linux distro could be modified to require executables to present the profile password to execute, it would narrow the field for malware. 

To this end, we can observe that Windows currently requires a y/n approval to install s/w. This passively challenges the code for admin privileges. 

A y/n "nag" for PROFILE USER to authorize program objects to EXECUTE, might be unpopular with entry level users, but secure users might embrace it, when it could be shown that avoidance completely defeats unauthorized software.

This would be MOST evident at BOOTSTRAP, when the user would be required to knowledgeably authorize EVERY authorized process, so some education might be a prerequisite requirement.

Comments

Post a Comment

Popular posts from this blog

A Question About Erasthmus' Sieve

Students of Mathematics are familiar with Erasthmus' Sieve. 2     x 3          x                4       x 5               x 6     x     x 7 8     x 9          x 10       x          x 11 12     x     x 13 14     x 15          x     x 16     x 17 18     x     x 19 20     x          x 21          x 22     x 23 First, we strike all multiples of 2 up to the square root (5.) Then all multiples of 3, then all multiples of 5, etc. I wrote a digital implementation of the Sieve, and used the index cr...
Read more

An Improvement To The Three Second Hold Rule

The rule that a broker has to hold a share for three (3) seconds, or one hundred shares for three hundred (300) seconds, can be improved. Brokers wishing to game the system will simply proliferate buy orders, and hold multiple buys of consolidated numbers of shares for three (3) seconds. To limit this, each broker could be limited to one buy per second. In this way, if he wishes to invest in 60 companies, he will have to use 60 seconds to put the buy orders in. If he wished to buy 1,000,000 shares, but only wishes to hold them for 1000 seconds ( 16.6 minutes,) he would be forced to put in 1000 buys of 1000 shares each. This process would force him to use 16.6 minutes in the buy process, after which each individual buy would be ready to sell in 50 minutes.  Computer programs written to optimize time to hold v time to buy would be forced to keep track of all the buy orders.  An alternative would be to attempt to consolidate all buy orders, but this is game-able by a round robin ...
Read more

Notice of corrupted results: Vigenere may yet be found to be a "group."

Retraction: It is with regret that I do not delete the previous post. I am an individual, not an organization, and I failed to adequately double-check my results, but I am leaving the post to maintain some accountability. I am able to definitively say that the script for 2chars_from_file.py DOES NOT yield an exhaustive list. It develops the ciphertext for all 2 Char combinations of the FIRST 10, three character ciphertexts. This is not due to a logic error, but rather there is a virus that corrupts the indentation of the two write statements.  This may be verified by downloading the relevant code, and examining it, and running it if needed, against the relevant datafile. It is difficult to be exhaustively correct about ALL of the scripts. This calls ALL of my results in question, with regard to the qualification of a mathematical group. If Vigenere IS a group, the resulting substitution is still valid, but there exist 6 Char passwords that will accomplish the same encryption in ONE...
Read more