I just finished watching a 2006 Tech Talk by Rik Farrow on computer security models. It’s worth watching. He spends roughly 45 minutes discussing how our current computer security models are broken and finishes with a proposed solution.
He starts by talking about the most prevalent attacks today including SQL injection, XSS and buffer overflows and how weak our current operating systems are at providing adequate protection. He then moves through the history of the mainframe leading up to our current operating systems to present where their flawed foundation originated.
He does give proper credit to more secures system like SELinux and Minux with their microkernel models, but also discusses how the complexity and/or performance of these systems prevents their widespread adoption. He also briefly touches on the failure of things like Linux and OSX to stay as true microkernels.
All of that is interesting, and he is an excellent speaker, but it’s all just a build up to his proposed solution. Spolier alert: His recommendation is to leverage the security inherent in the the traditional microkernel model but solve the performance problem by allocating the microkernel its own processor core of a multiprocessor system.
It’s an interesting concept, albeit not exactly new nor simple to implement. To his credit, the slide that introduces the concept is titled “Blue Sky” so he has no illusions about the difficulty here. However, that’s not what makes the talk so interesting. What is interesting to watch is how quickly the Googlers start punching holes in the concept. These guys are sharp!
Farrow, after an elaborate 45 minute build up, unveils his masterpiece to his audience who immediately are like, “yeah, that’s great, but what about a, b, c and d?” Farrow had answers to some of the critiques but often just acknowledges the critique (in a diplomatic and respectful way).
The talk provided some great food for thought, but I found the over-abundance of quality discussion at the end of the talk very inspirational. It fuels my desire to want to work with people smarter then myself. How cool would it be to be working in an environment where colleagues provided insightful critiques and pointed you down hidden paths.