[tahoe-dev] Secure OS for running Tahoe?

Patrick R McDonald marlowe at antagonism.org
Fri Feb 22 18:45:54 UTC 2013


On Fri, Feb 22, 2013 at 09:23:11AM -0800, Simon Forman wrote:
> Hey all,
>
> Forgive me if this is the wrong place to ask this or if it's terribly
> naive, but could I get some recommendations for secure OSs to run
> Tahoe on?  I know there's OpenBSD, are they still near the top of the
> heap?  What about OKL4?
>
> I'm a programmer, but a total neophyte when it comes to security et
> al., I know just enough to know how little I know.

Simon,

This is the right place to ask and don't worry about sounding naive.

An upfront disclaimer, I am a security consultant by trade and this type
of thread is one I really like to discuss.  So forgive my
long-windedness and thank you.

Your question, however, is a little hard to answer in that the definition
of secure differs from person to person and implementation to
implementation.  To better answer your question, you need to come up
with a threat model.  A threat model defines what you are trying to
protect, from whom, what resources the bad guys have and are willing to
use to get what you want.  For example, your threat model might not
include aliens as the bad guys, but mine does as they are amongst us ;)
Hopefully that bit of humor made it clear that what is secure for me,
might not be secure for you.  Once you have defined your threat model,
you can find a system which meets or hopefully exceeds your threat
model.

Threat model discussions aside, use an OS with which you are
comfortable.  While system X may be more "secure", it won't make a lick
of difference if you don't understand how to use it or its security
features. Think of Windows' early implementations of User Access Control
(UAC).  Users simply checked yes because they didn't understand what the
box was asking, possibly putting their system in danger.

If you aren't comfortable asking OS implementation questions on the
list, please feel free to contact me directly.  Also don't worry about
sounding as if you are in over your head.  I am actually the same way
when it comes to programming.  We all have to start somewhere.

Cheers,
Patrick