[possibly somewhat off-topic here, secureos@xxxxxxxxxxxxx can be used for discussion about it] I've written down some ideas how I think it would be possible to implement easy to use and quite secure graphical user interface and operating system around it to make it possible. It's available at http://iki.fi/tss/security/os.html Currently I'd be very interested about hearing comments why my ideas simply wouldn't work with certain kind of software or would be just too much pain. Or some other fundemental technical problem why this could never work. Or more positively, people who would be willing to participate in more complete design or implementation. To avoid too many replies for issues that are either addressed there or aren't exactly relevant, please don't reply if you're only going to: - suggest using SELinux, Java sandboxes or similar (yes, maybe based on them, that's not the point) - say how sandboxing limits usability and it would never be user- friendly (it could) - say how user-friendliness and security are always mutually exclusive (they're not) - say how it's going to be too difficult to users to keep updating access control lists to run software they want (it's not needed) - confuse operating system with kernel (OS is more than just kernel) - say how no matter how "secure" you're trying to be, some people will always bypass it and hurt themselves/others (yes, it's true for home users) I've heard all of those too many times already and I think they're all answered well enough in the paper.
Attachment:
signature.asc
Description: This is a digitally signed message part