Page last updated: 2010 Dec 20 11:32

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Security in Space!! [was digest post reply]

On Mon, Dec 20, 2010 at 09:02:01AM -0800, Nicole Carlson wrote:
> On Fri, Dec 17, 2010 at 12:00 PM,  <vox-tech-request@lists.lugod.org> wrote:
> > Message: 2
> > Date: Fri, 17 Dec 2010 11:28:04 -0800
> > From: Bill Broadley <bill@broadley.org>
> > Subject: Re: [vox-tech] Secure kernel panic
> > To: vox-tech@lists.lugod.org
> > Message-ID: <4D0BB9C4.7090209@broadley.org>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > On 12/17/2010 09:39 AM, Nicole Carlson wrote:
> >> Hello, beautiful people!  How I have missed you.
> >>
> >> A question for your enormous brains.  Suppose that the kernel panics.
> >> Further suppose that I do NOT want it to dump core.
> >
> > I don't believe it's the default.  Are you worried about it dumping core
> > without you asking?  Or are you worried that someone with physical access to
> > the machine could force it to dump core?
> Not physical access--it's hanging out 25,000 miles up in the air--so
> much as information leakage.  The threat has to do with possibly
> classified information leaking out.  Suppose that our hypothetical
> Linux-running satellite processes classified information.  Now suppose
> that something makes its kernel panic.  My understanding is that when
> the core is dumped, including whatever possibly sensitive information
> is in memory at the time, it becomes readable to anyone who can snarf
> the coredump file and apply kernel debugging tools to it.  This would
> be bad.  The easiest way I can think of to stop this would be to stop
> the kernel from dumping core.

Uhm, you have to have a key in memory to read the data or in some register
and a decryption device. Say your device kernel panics. The network
stack will go away, correct? And then you won't have to worry? I assume
that the issue of physical security is not a big issue, correct? Not
too many people doing space walks or are there? ;-) Or, is there
an adversary with a robotic arm somewhere?

Perhaps you could use SPARK/Ada and develop a fully verified correct
system that has a full a <-> b relationship, where b is always a secure
state and a is your functionality set, and not a -> b, as you
implied. SPARK has a full system verification process and a built-in
prover using Prolog to aid in verification based upon annotations and
architectural limitations that you provide.


The Lego Mindstorms looks like an interesting project that could
provide the foundation you need.

Or, you can use TPM with Linux, where security is built into the hardware,
still be secure, and still take advantage of the versatility GNU/Linux
tools have to offer, yet I believe it will encrypt all data. Now, all
you have to do is worry about managing your key. I haven't used TPM,
but as I understand, encryption is built into the bus, or somewhere
in the underlying hardware, giving you security at the base level.


Brian Lavender

"Program testing can be used to show the presence of bugs, but never to
show their absence!"

Professor Edsger Dijkstra
1972 Turing award recipient
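For the question that started the thread (whether a panicking kernel will write its memory to disk, and how to be sure that it will not), the following shell script is an added example, not code from the thread or from any of its authors. On Linux the kernel does not dump its own memory on panic unless a kdump capture kernel has been armed: memory reserved with crashkernel= on the boot command line, and a second kernel loaded with kexec -p, after which a panic boots that kernel and it saves /proc/vmcore, i.e. the contents of RAM. The script reads the files that record this state, plus the two sysctls that govern process core dumps, and returns the number of findings; the file paths are parameters so it can be pointed at copies, and the fixture helper writes constructed values (not taken from any real host) for an offline run.

```shell
#!/bin/sh
# Added example, not code from the thread or its authors: audit the settings
# that decide whether a Linux host writes memory to storage when the kernel
# panics (kdump) or when a process crashes (userspace cores). Paths are
# passed in so the checks can run against copies of the files; on a live
# host call
#   audit_crashdump /proc/cmdline /sys/kernel/kexec_crash_loaded \
#                   /proc/sys/kernel/core_pattern /proc/sys/fs/suid_dumpable

# Prints one line per check; returns the number of findings (0 means a panic
# dumps nothing and privileged processes cannot dump core either).
audit_crashdump() {
    cmdline=$1 crash_loaded=$2 core_pattern=$3 suid_dumpable=$4
    findings=0

    # 1. kdump needs memory reserved at boot with crashkernel=; without it a
    #    capture kernel cannot be loaded at all.
    if [ -r "$cmdline" ] && grep -q 'crashkernel=' "$cmdline"; then
        printf '%s\n' "WARN crashkernel= reserved on the kernel command line"
        findings=$((findings + 1))
    else
        printf '%s\n' "OK   no crashkernel= reservation"
    fi

    # 2. kexec_crash_loaded is 1 once a capture kernel has been loaded with
    #    kexec -p; a panic then boots it and it saves /proc/vmcore (all of RAM,
    #    including whatever secrets were in it at the time).
    if [ -r "$crash_loaded" ] && [ "$(cat "$crash_loaded")" = "1" ]; then
        printf '%s\n' "WARN crash kernel loaded: a panic will write RAM to disk"
        findings=$((findings + 1))
    else
        printf '%s\n' "OK   no crash kernel loaded (panic does not dump kernel memory)"
    fi

    # 3. Userspace cores: report where they go. A leading '|' means a helper
    #    program receives them (apport, systemd-coredump); otherwise a path.
    if [ -r "$core_pattern" ]; then
        pattern=$(cat "$core_pattern")
        case $pattern in
            "|"*) printf '%s\n' "INFO process cores piped to helper: ${pattern#"|"}" ;;
            *)    printf '%s\n' "INFO process cores written as: $pattern" ;;
        esac
    fi

    # 4. fs.suid_dumpable != 0 lets setuid/privileged processes dump core too.
    if [ -r "$suid_dumpable" ] && [ "$(cat "$suid_dumpable")" != "0" ]; then
        printf '%s\n' "WARN fs.suid_dumpable=$(cat "$suid_dumpable"): privileged processes may dump core"
        findings=$((findings + 1))
    else
        printf '%s\n' "OK   fs.suid_dumpable=0"
    fi

    return "$findings"
}

# Constructed fixture (not a real host): writes the four files into $1 so the
# audit can be exercised offline.
# Args: dir cmdline kexec_crash_loaded core_pattern suid_dumpable
make_fixture() {
    printf '%s\n' "$2" > "$1/cmdline"
    printf '%s\n' "$3" > "$1/kexec_crash_loaded"
    printf '%s\n' "$4" > "$1/core_pattern"
    printf '%s\n' "$5" > "$1/suid_dumpable"
}

# Demo against a constructed host that has kdump armed (2 findings expected).
demo=$(mktemp -d)
make_fixture "$demo" "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro crashkernel=128M" 1 "core" 0
audit_crashdump "$demo/cmdline" "$demo/kexec_crash_loaded" \
                "$demo/core_pattern" "$demo/suid_dumpable" || printf 'findings: %s\n' "$?"
rm -rf "$demo"
```

To disarm a host that reports findings: unload the capture kernel (kexec -p -u), drop crashkernel= from the bootloader configuration so it cannot be reloaded, set fs.suid_dumpable=0, and set the core size limit to zero (ulimit -c 0, or a hard core limit of 0 in limits.conf) for the processes that hold sensitive data. None of this removes what is already in RAM; it only stops the kernel and the crash handlers from copying it to storage.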