Re: Fw: StrongBox Linux and OVC?

From: Nathan L. Adams <adamsn79_at_bellsouth_dot_net>
Date: Fri Apr 23 2004 - 07:08:48 CDT

arthur@openvotingconsortium.org bounces for me. I would like to be added to
the OVC-Demo-Team list as well.

Nathan

On Thursday 22 April 2004 10:35 pm, David Mertz wrote:
> Hi Liam,
>
> This is a wonderful offer you have made, and a great opportunity for
> OVC.
>
> First thing, I think we should move this discussion to the more
> technical OVC-Demo-Team list. A lot of subscribers to the
> Voting-Project list are not necessarily technical people. Both list,
> in any case, are archived and publicly viewable at:
>
> http://gnosis.python-hosting.com/voting-project/
>
> To post to the OVC-Demo-Team list, Arthur Keller
> (arthur@openvotingconsortium.org) needs to add you to the list; would
> you write him, Liam, if you are interested in being added.
>
> There are a number of requirements we will have for an "EVMix"
> live-CD--most of them what we DON'T want included more than what we
> want. For example, if we leave out all networking code, that makes us
> feel even more confident remote attacks won't accidentally be enabled.
>
> But let's continue this on the technical list.
>
> All the best, David...
>
> > ----- Original Message -----
> > From: "Liam Helmer" <lhelmer@strongboxlinux.com>
> > To: <mail@openvotingconsortium.org>
> > Sent: Thursday, April 22, 2004 6:24 PM
> > Subject: StrongBox Linux and OVC?
> >
> >> Hi,
> >>
> >> I'm the lead developer on the StrongBox Linux project
> >> (www.strongboxlinux.com), a rather new project (started last fall) out
> >> of Vancouver, Canada. What we're creating is a version of linux that
> >> is
> >> meant to be secure from the ground up. It seemed like a perfect fit
> >> for
> >> you project. So, what I thought I'd do, if you're interested in giving
> >> me some specifications on creating an install of your software, is
> >> offer
> >> to build a StrongBox bundle that I'd be able to give to you on a
> >> CD-Rom.
> >> You'd then be able to plunk it the into any computer that runs
> >> something
> >> like Knoppix, and run your software in a nearly tamperproof way.
> >>
> >> I've included some quick details below, as well as a feature overview.
> >> If you want to direct them to the right people, that'd be awsome.
> >>
> >> ----
> >>
> >> Boot security in StrongBox:
> >>
> >> During the bootup process, StrongBox looks for it's OS and
> >> configuration, which it will load into RAM. In the secure version of
> >> this procedure, a root certificate is included in the initrd, and all
> >> OS
> >> images and configuration files are verified before boot to have a
> >> signature that's valid within that Certificate Authority.
> >>
> >> Then, the OS boots up, with additional components being loaded, as
> >> required. These components can also all be verified according to a
> >> complete CA if desired (and configured in the bootup configuration).
> >> Additionally, there's failover support in all aspects of the OS,
> >> allowing backup copies to be used when a primary copy failed a
> >> signature
> >> or doesn't exist.
> >>
> >> If you combine this with a read-only boot medium, which only needs to
> >> hold the kernel and the initrd, you have nearly unbreakeable
> >> boot-level
> >> security. That, combined with OS contexts as you have in the
> >> linux-vserver project (www.linux-vserver-org), you have a very secure
> >> OS
> >> as your platform.
> >>
> >> ----
> >>
> >> Anyways, if you guys have any interest, feel free to contact me.
> >>
> >> Cheers,
> >> Liam

-- 
Nathan L. Adams
<nadams <at> ieee.org>
Public Key:
http://pgpkeys.mit.edu:11371/pks/lookup?op=vindex&search=0x808D1100
Fingerprint:
CCB9 8860 61F5 181B 0FEC  E81C D904 D347 808D 1100
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Fri Apr 30 23:17:17 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT