Small codebase as a prerequisite for security
On Thu, Feb 11, 2016 at 8:20 PM Peter Gutmann <[email protected]> wrote:
> Sean Lynch <[email protected]> writes:
>
> >I'm not talking about raw size or complexity here; obviously having lots of
> >features and support for lots of devices means high complexity, but it doesn't
> >require that all that complexity run with full system privileges.
>
> XKCD is, as usual, most apropos here:
>
> https://www.xkcd.com/1200/
>
> A huge amount of embedded stuff doesn't even have a kernel mode, because it's
> irrelevant (or, if the hardware does actually support two different modes,
> everything is run in the highest-priv'd mode). Either the system is
> robust/secure/reliable or it isn't, whether there's a kernel/user split is
> irrelevant.
>
Obviously on a device with no MMU or supervisor mode everything running on
it is your trusted computing base.
Security is not binary.