Security Thoughts

The past two essays have drifted toward being tutorials rather than "meandering & idiosyncratic" research into computer languages, so it's time to get back to expressing guesses and speculation.

This one is more about architecture than languages, but I still think it has a place in this series. One interesting thing about it is that it was the first written. I added it as an appendix to the FSA Executive Summary a good six months before I started on the others.



    GENERAL    GENERAL    BARRIER    ROM ONLY
    GENERAL    GENERAL    BARRIER    BARRIER
    GENERAL    GENERAL    GENERAL    GENERAL
    SWAMP      GENERAL    GENERAL    GENERAL

    (Colors in the original graphic: GENERAL = green, BARRIER = yellow, ROM ONLY = red, SWAMP = dark.)


First, some quick answers about what the colorful artwork above is supposed to be (hint: it's a very secure computer system):


There is at least one processor in every box.

Some of the green boxes can be implementations of the ubiquitous Intel architecture, while the red and yellow ones should be the more control-oriented FSA architecture. We'll get to the dark box soon enough.


There are seriously secure walls between colors.

These walls are hardwired. They aren't merely an attempt to write some software that hopefully acts as a firewall or antivirus program; they are etched in metal.

Of course there have to be communication gateways across the walls, but every square has its own specific address, and traffic through a gateway runs one way: a square toward the upper right can pull information from a square toward the lower left, but a lower-left square can never push information upward.

Imagine that programs are running in every box. They need to communicate, but if the ones down left want to communicate with the ones up right, they have to politely ask. Yes, "spoofing" is still a possibility: whatever a request claims about itself, its contents are still data written by the requester. There will need to be some very smart code running in the yellow squares to check what they pull in before acting on it.

And the red square? Its processor runs from Read Only Memory. Some tricky burglar could conceivably sneak in and swap out some chips, but no outside agency is ever going to alter its program by way of the Internet. What the ROM protects is the program itself; the data that program pulls in from below still has to be handled with care.


Each color handles specific peripherals.

When I can take more time from engineering, I will make a prettier graphic. For now, imagine little pictures of keyboards, mice, disk drives, memory sticks, etc., each with a line to a specific square.

Also, imagine the Internet connected only to the SWAMP square. I almost named the swamp the sewer. Let's face it: the World Wide Web is a world-wide breeding ground for lots of nastiness, nastiness no one wants getting far into their personal computer "house."

The modern PC, regardless of its operating system, is a one-story building with thin doors. The alligators crawl in and they find ... well, to mix the metaphor, they find basically one disk drive and one memory space; for practical purposes, everything is flat. It's very easy for them to get around: there are no stairs to climb.

Getting back to peripherals, why not protect the important ones from the alligators? To me, one of the more insidious pieces of malware is the keyboard logger. It hides quietly, doing no damage to anything inside the computer, and without your knowing it sends out your account numbers and passwords as you type them.

Why can some random program, put on your machine by somebody who is NOT your friend, ever see what you are typing?

Why should you ever have to worry about such a thing? If the imaginary keyboard is attached to the yellow level above, it is far, far away from the swamp. If, say, you are filling out a web form, the form can be pulled into a yellow square, and when you've filled it out, the keystrokes can be pushed out right past the alligators, pushed out from a yellow square. Nothing in the swamp ever gets to read the keyboard; it only receives what the yellow square chooses to send it.

A similar situation holds for other peripherals. Your private data should be in a separate memory space, maybe even an extra disk drive, hooked up behind the metal firewall.
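As an added illustration, not code from this essay or from the FSA project, here is a small Python model of the two ideas above: the one-way rule at the walls (a transfer is permitted only if the square that initiates it is at least as trusted as both ends) and the web-form walk-through with the keyboard wired to a yellow square. The zone ordering SWAMP < GENERAL < BARRIER < ROM ONLY, the peripheral placements, the mailbox used for "politely asking", and the sample form and keystrokes are all assumptions made for the example.

```python
from enum import IntEnum


class Zone(IntEnum):
    """Trust levels, assumed from the essay's colors: higher is more trusted."""
    SWAMP = 0
    GENERAL = 1
    BARRIER = 2
    ROM_ONLY = 3


# The 4x4 picture, row 0 at the top, column 0 at the left.
GRID = [
    ["GENERAL", "GENERAL", "BARRIER", "ROM_ONLY"],
    ["GENERAL", "GENERAL", "BARRIER", "BARRIER"],
    ["GENERAL", "GENERAL", "GENERAL", "GENERAL"],
    ["SWAMP",   "GENERAL", "GENERAL", "GENERAL"],
]

# Each peripheral is wired to exactly one square (placements assumed here).
PERIPHERALS = {
    "keyboard": (0, 2),   # a yellow BARRIER square
    "internet": (3, 0),   # the SWAMP, and nowhere else
}


def zone(square):
    row, col = square
    return Zone[GRID[row][col]]


def allowed(initiator, src, dst):
    """The one rule the gateway enforces: whoever starts a transfer must be at
    least as trusted as both ends. A higher square may pull from or push to a
    lower one; a lower square can neither read nor write a higher one."""
    return zone(initiator) >= zone(src) and zone(initiator) >= zone(dst)


class Denied(Exception):
    pass


class Gateway:
    """Toy model of the hardwired walls. Square addresses come from the wiring,
    so the initiator of a transfer cannot lie about who it is; the contents it
    moves or requests are still untrusted data."""

    def __init__(self):
        squares = [(r, c) for r in range(4) for c in range(4)]
        self.memory = {s: {} for s in squares}    # each square's private space
        self.mailbox = {s: [] for s in squares}   # polite requests from below
        self.log = []

    def _check(self, initiator, src, dst):
        ok = allowed(initiator, src, dst)
        self.log.append((initiator, src, dst, "allow" if ok else "deny"))
        if not ok:
            raise Denied(f"{initiator} may not move data {src} -> {dst}")

    def pull(self, initiator, src, key):
        """Copy memory[src][key] into the initiator's own space."""
        self._check(initiator, src, initiator)
        value = self.memory[src][key]
        self.memory[initiator][key] = value
        return value

    def push(self, initiator, dst, key, value):
        """Write value into memory[dst][key] from the initiator's space."""
        self._check(initiator, initiator, dst)
        self.memory[dst][key] = value

    def request(self, initiator, target, text):
        """Any square may ask any other. The hardware stamps the real sender;
        the target's own code decides whether to act on the text."""
        self.mailbox[target].append((initiator, text))


def keylogger_scenario():
    """The essay's web-form walk-through, run through the model."""
    gw = Gateway()
    swamp = PERIPHERALS["internet"]
    kbd = PERIPHERALS["keyboard"]
    gw.memory[kbd]["keystrokes"] = ""   # the keyboard buffer lives here
    gw.memory[swamp]["form"] = "<form>account: ___ password: ___</form>"  # constructed sample

    # 1. Malware in the swamp tries to read the keyboard buffer directly.
    try:
        gw.pull(swamp, kbd, "keystrokes")
        leaked = True
    except Denied:
        leaked = False

    # 2. It tries to implant itself in the yellow square instead.
    try:
        gw.push(swamp, kbd, "code", "logger.bin")
        implanted = True
    except Denied:
        implanted = False

    # 3. The swamp politely asks; the yellow square decides to pull the form.
    gw.request(swamp, kbd, "please show the user this form")
    sender, _ = gw.mailbox[kbd][0]
    form = gw.pull(kbd, swamp, "form")

    # 4. The user types; the keystrokes exist only in the yellow square.
    gw.memory[kbd]["keystrokes"] = "account=12345&password=hunter2"

    # 5. The completed form is pushed out past the alligators, from yellow.
    gw.push(kbd, swamp, "reply", gw.memory[kbd]["keystrokes"])

    return {
        "leaked": leaked,
        "implanted": implanted,
        "sender": sender,
        "form_pulled": form == gw.memory[swamp]["form"],
        "reply": gw.memory[swamp]["reply"],
    }


if __name__ == "__main__":
    for name, result in keylogger_scenario().items():
        print(f"{name}: {result}")
```

Running it shows the swamp's read of the keyboard buffer and its attempt to plant code in the yellow square both denied, while the yellow square's pull of the form and push of the reply go through. The mailbox entry records the real sender, (3, 0), because the model assumes square addresses are assigned by the wiring; what remains spoofable is the text of the request, which is exactly what the smart code in the yellow squares has to scrutinize.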


Final Thoughts

Are there any new ideas here? Probably not. And yet no commercial offering implements anything like the system presented here. We are getting closer to the possibility: the newer chips for PCs contain 2, 4, even 8 separate processors, and they could be set up in a security hierarchy like this one.

However, one of the key factors for true security in this design is that the processors at the top right should not run the same machine language as the green processors. They should run a totally different instruction set, so that any nastyware that gets spoofed past a gateway as code finds nothing it can execute there.

Many processors could fill that bill. However, the FSA is already optimized to support the ideas discussed here, with a number of proprietary approaches to enforce the hierarchical security.





Introduction to "The Perfect Language" - Table of Contents
Stringing Along - Previous
Why Forth? - Part 2 - Next
Glossary




Started: March ??, 2010