Re: Linux-NG - security

To: Francis Whittle <fudje@subdimension.com>
Cc: debian-devel@lists.debian.org
Subject: Re: Linux-NG - security
From: Russell Coker <russell@coker.com.au>
Date: Mon, 30 Dec 2002 00:57:43 +0100
Message-id: <[🔎] 200212300057.43126.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 20021229233602.GA13147@blackberry.noxious>
References: <[🔎] 20021229175930.GA8986@digitasaru.net> <[🔎] 200212292324.42357.russell@coker.com.au> <[🔎] 20021229233602.GA13147@blackberry.noxious>

On Mon, 30 Dec 2002 00:36, Francis Whittle wrote:
> Dunno anything about TCPA, sorry.

I recommend that you read about it, it does some of the things that you seem 
interested in.

> > I wasn't aware of any crypto support in mainframes.  Do you have any
> > references as to what the S/390 family supports in this regard?
>
> I was meaning in terms of channels bypassing processors.  Mainframe
> channels don't neccesarily need to use a processor, or even classical
> memory sometimes, they can do software<>channel<>device.

Like bus-mastering PCI cards.  You can have two PCI cards talk to each other 
without involving main memory or CPU.

> You have a bootloader, a pre-vm that defines a minimal threading set, a
> linux security vm (low priority) a linux kernel vm, a security
> interface to comminucate with the authentication system.  These are all
> in software; like so (same level of operation on same line):

So are you suggesting a micro-kernel architecture so that the Linux kernel 
can't get direct hardware access?  If so then that will never take off, Linus 
doesn't like it and there's the HURD for people who do.  I suggest that you 
investigate the HURD.

> After Booting, the bootloader loads the Pre VM.  This can be considered
> like the Linux Virtual Machine which interfaces between the Linux
> kernel and hardware, turning Linux system calls into the correct I/O
> mechanisms.

Firstly, there is nothing like a 1:1 mapping between system calls and IO 
mechanisms.  You could have Linux running over a virtual hardware interface 
such as UML.  But that has some significant performance issues and doesn't 
necessarily gain you much.

> This Pre VM, however, is minimally multithreading, unlike the existing
> Linux VM (sort of).  It spawns two virtual processes, first the
> security VM, which sleeps until the interface makes a call to it, and

Let's call these two processes two copies of UML Linux running on Linux so 
that we are talking about something that could possibly be implemented.

> Once the OS has booted and the Authentication System starts, it
> switches its memory interface to be the security interface, while the
> input remains in the linux kernel (This could be difficult to achieve
> without writing some new calls to do kernel switching).

What do you mean by "kernel switching"?  Are you referring to having a 
"Trusted Path" to the security code from an application?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- last one, kernel-switching, microkernel, dynamically loading kernels.
  - From: Francis Whittle <fudje@subdimension.com>

References:
- Linux-NG
  - From: Joseph Pingenot <trelane@digitasaru.net>
- Re: Linux-NG - security
  - From: Russell Coker <russell@coker.com.au>
- Re: Linux-NG - security
  - From: Francis Whittle <fudje@subdimension.com>

Prev by Date: Re: Linux-NG - dynamic loading
Next by Date: Re: Linux-NG - dynamic loading
Previous by thread: Re: Linux-NG - dynamic loading
Next by thread: last one, kernel-switching, microkernel, dynamically loading kernels.
Index(es):
- Date
- Thread