GENERAL APPLICATION PROCESSING
FLEXIBLE SYSTEM ARCHITECTURE
EXECUTIVE SUMMARY SECURITY APPENDIX

| GENERAL | GENERAL | BARRIER | ROM ONLY |
| GENERAL | GENERAL | BARRIER | BARRIER  |
| GENERAL | GENERAL | GENERAL | GENERAL  |
| SWAMP   | GENERAL | GENERAL | GENERAL  |

(The cell colors of the original artwork did not survive extraction; going by the text below, the GENERAL squares are green, the BARRIER squares yellow, ROM ONLY is the red square, and SWAMP is the dark box.)
First, some quick answers regarding just exactly what the above colorful artwork is supposed to be (hint: it's a very secure computer system). There is at least one processor in every box. Some of the green boxes can be implementations of the ubiquitous Intel architecture, while the red and yellow ones should be the more control oriented FSA architecture. We'll get to the dark box soon enough.

There are seriously secure walls between colors. These walls are hardwired. They aren't merely an attempt to write some software to hopefully act as firewalls or antivirus programs; they are etched in metal. Of course there have to be communication gateways across the walls, but every square has its own specific address, and while information can be pulled from the lower left to the upper right, it cannot be pushed in the other direction. Imagine that programs are running in every box. They need to communicate, but if the ones down left want to communicate with the ones up right, they have to politely ask. Yes, "spoofing" is still a possibility. There will need to be some very smart code running in the yellow squares.

And the red square? Its processor runs from read-only memory. Some tricky burglar could conceivably sneak in and switch out some computer chips, but no outside agency is ever going to interfere with its operation by way of the Internet.
Each color handles specific peripherals. When I can take more time from engineering, I will make a prettier graphic. For now, imagine little pictures of keyboards, mice, disk drives, memory sticks, etc., each with a line to a specific square. Also, imagine the Internet connected only to the SWAMP square.

I almost named the swamp the sewer. Let's face it: the World Wide Web is a world wide breeding ground for lots of nastiness - nastiness no one wants getting far into their personal computer "house." The modern PC, regardless of its operating system, is a one story building with thin doors. The alligators crawl in and they find ... well, to mix the metaphor, they find basically one single disk drive, one single memory space; for practical purposes, everything is flat. It's very easy for them to get around - no stairs to climb.
Getting back to peripherals, why not protect the important ones from the alligators? To me, one of the more insidious pieces of malware is the keyboard logger. It hides quietly, doing no damage to anything inside the computer, so without you knowing it, it sends out your account numbers and passwords as you type them. Why can some random program, uploaded by somebody who is NOT your friend, ever see what you are typing? Why should you ever have to worry about such a thing? If the imaginary keyboard is attached to the yellow level above, it is far, far away from the swamp. If, say, you are filling out a web form, the form can be pulled into a yellow square, and when you've filled it out, the keystrokes can be pushed out right past the alligators. Pushed out from a yellow square. A similar situation holds for other peripherals. Your private data should be in a separate memory space, maybe even an extra disk drive, hooked up behind the metal firewall.
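As an added example (not code from the FSA or from this page), here is a small Python model of the flow rule described above together with the web-form case: a reference monitor that admits a transfer across a wall only when the more trusted side started it, which is how the pull-in/push-out rule and the "politely ask" rule read together. The grid layout, the trust ordering (one step per square up or to the right of the SWAMP) and the rule that the ROM ONLY square accepts no inbound data are assumptions made for the model.

```python
from dataclasses import dataclass

# Constructed 4x4 grid, row 0 at the top, laid out like the artwork on the page.
GRID = [
    ["GENERAL", "GENERAL", "BARRIER", "ROM ONLY"],
    ["GENERAL", "GENERAL", "BARRIER", "BARRIER"],
    ["GENERAL", "GENERAL", "GENERAL", "GENERAL"],
    ["SWAMP",   "GENERAL", "GENERAL", "GENERAL"],
]
ROWS = len(GRID)
SWAMP = (3, 0)     # the only square the Internet reaches
YELLOW = (0, 2)    # a BARRIER square; assume the keyboard hangs off this one
ROM_ONLY = (0, 3)


def trust(square):
    """Assumed trust level: rises by one per square up or to the right."""
    row, col = square
    return (ROWS - 1 - row) + col


@dataclass(frozen=True)
class Transfer:
    initiator: tuple  # square whose code started the transfer
    source: tuple     # square the data leaves
    dest: tuple       # square the data enters


def allowed(t):
    """Reference monitor for one transfer across the hardwired walls.

    A pull is started by the destination, a push by the source. Either is
    permitted only when the initiator is at least as trusted as the other
    side, so a low square can neither push data upward nor read a higher
    square on its own; it can only ask. Assumption: ROM ONLY accepts nothing.
    """
    if t.initiator not in (t.source, t.dest):
        return False  # a third square cannot broker someone else's transfer
    if t.dest == ROM_ONLY:
        return False
    other = t.dest if t.initiator == t.source else t.source
    return trust(t.initiator) >= trust(other)


def web_form_scenario():
    """The page's web-form case: form pulled in, keystrokes pushed out, and a
    keylogger in the swamp trying to pull the keystrokes for itself."""
    form_in = Transfer(initiator=YELLOW, source=SWAMP, dest=YELLOW)
    keys_out = Transfer(initiator=YELLOW, source=YELLOW, dest=SWAMP)
    keylogger = Transfer(initiator=SWAMP, source=YELLOW, dest=SWAMP)
    return allowed(form_in), allowed(keys_out), allowed(keylogger)
```

The keylogger transfer is refused because the swamp is the initiator and the keyboard's square outranks it; the same code in a flat PC has nothing to stop it.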
Final Thoughts
Are there any new ideas here? Probably not. And yet, no commercial offering implements anything like the system presented here. We are getting closer to the possibility. The newer chips for PCs contain 2, 4, even 8 separate processors. They could be set up in a security hierarchy like this one. However, one of the key factors for true security in this design is that the processors at the top right should not run the same machine language as the green processors. They should run totally different instructions as protection against any nastyware that may get spoofed past a gateway. Many possible processors could fill that bill. However, the FSA is already optimized to support the ideas discussed here, with a number of proprietary approaches to enforce the hierarchical security.
