Fw: StrongBox Linux and OVC?

From: Alan Dechert <alan_at_openvotingconsortium_dot_org>
Date: Thu Apr 22 2004 - 20:25:06 CDT

Forwarding from Liam Helmer
----- Original Message -----
From: "Liam Helmer" <lhelmer_at_strongboxlinux_dot_com>
To: <mail@openvotingconsortium.org>
Sent: Thursday, April 22, 2004 6:24 PM
Subject: StrongBox Linux and OVC?

> Hi,
> I'm the lead developer on the StrongBox Linux project
> (www.strongboxlinux.com), a rather new project (started last fall) out
> of Vancouver, Canada. What we're creating is a version of linux that is
> meant to be secure from the ground up. It seemed like a perfect fit for
> you project. So, what I thought I'd do, if you're interested in giving
> me some specifications on creating an install of your software, is offer
> to build a StrongBox bundle that I'd be able to give to you on a CD-Rom.
> You'd then be able to plunk it the into any computer that runs something
> like Knoppix, and run your software in a nearly tamperproof way.
> I've included some quick details below, as well as a feature overview.
> If you want to direct them to the right people, that'd be awsome.
> ----
> Boot security in StrongBox:
> During the bootup process, StrongBox looks for it's OS and
> configuration, which it will load into RAM. In the secure version of
> this procedure, a root certificate is included in the initrd, and all OS
> images and configuration files are verified before boot to have a
> signature that's valid within that Certificate Authority.
> Then, the OS boots up, with additional components being loaded, as
> required. These components can also all be verified according to a
> complete CA if desired (and configured in the bootup configuration).
> Additionally, there's failover support in all aspects of the OS,
> allowing backup copies to be used when a primary copy failed a signature
> or doesn't exist.
> If you combine this with a read-only boot medium, which only needs to
> hold the kernel and the initrd, you have nearly unbreakeable boot-level
> security. That, combined with OS contexts as you have in the
> linux-vserver project (www.linux-vserver-org), you have a very secure OS
> as your platform.
> ----
> Anyways, if you guys have any interest, feel free to contact me.
> Cheers,
> Liam

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain

Received on Fri Apr 30 23:17:17 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT