[ge-talk] Security services provided by OS
Waldemar Kornewald
wkornewald at haiku-os.org
Thu Jan 11 13:00:22 EST 2007
Hi,
On 1/6/07, Zenja Solaja <solaja at gmail.com> wrote:
> What do users **really** want when it comes to security services provided by
> OS?
>
> What people actually want from a 'secure' OS is four types of protection:
> 1) keep my confidential data away from prying eyes (i.e. don't allow the kids
> to delete tax return)
> 2) prevent locally run applications from destroying your data and the system
> 3) control remote access capabilities.
> 4) prevent a rogue application from tampering with a good application.
I think you forgot probably the most important point:
5) users don't want to care about security (it must be as automated as possible)
Don't require the user to learn anything (apart from maybe a few
*very* simple concepts). Don't assume that the user knows how to
identify bad software.
About the "mounted image" concept:
There was a BSD distribution which wanted to do something along those
lines. User profiles could be copied on a USB stick and carried
around. Only the user profile is mounted writable while the OS is
mounted read-only and write access is only granted for individual
processes that want to do system changes. Any changes to the system
files require authorization by the user. I've unfortunately forgotten
the name of the distribution (it was mentioned on OSNews a long time
ago).
Bye,
Waldemar Kornewald