Re: Fw: StrongBox Linux and OVC?

From: Arthur Keller <arthur_at_kellers_dot_org>
Date: Fri Apr 23 2004 - 08:45:45 CDT

Done.

Arthur

At 8:08 AM -0400 4/23/04, Nathan L. Adams wrote:
>arthur@openvotingconsortium.org bounces for me. I would like to be added to
>the OVC-Demo-Team list as well.
>
>Nathan
>
>On Thursday 22 April 2004 10:35 pm, David Mertz wrote:
>> Hi Liam,
>>
>> This is a wonderful offer you have made, and a great opportunity for
>> OVC.
>>
>> First thing, I think we should move this discussion to the more
>> technical OVC-Demo-Team list. A lot of subscribers to the
>> Voting-Project list are not necessarily technical people. Both list,
>> in any case, are archived and publicly viewable at:
>>
>> http://gnosis.python-hosting.com/voting-project/
>>
>> To post to the OVC-Demo-Team list, Arthur Keller
>> (arthur@openvotingconsortium.org) needs to add you to the list; would
>> you write him, Liam, if you are interested in being added.
>>
>> There are a number of requirements we will have for an "EVMix"
>> live-CD--most of them what we DON'T want included more than what we
>> want. For example, if we leave out all networking code, that makes us
>> feel even more confident remote attacks won't accidentally be enabled.
>>
>> But let's continue this on the technical list.
>>
>> All the best, David...
>>
>> > ----- Original Message -----
>> > From: "Liam Helmer" <lhelmer@strongboxlinux.com>
>> > To: <mail@openvotingconsortium.org>
>> > Sent: Thursday, April 22, 2004 6:24 PM
>> > Subject: StrongBox Linux and OVC?
>> >
>> >> Hi,
>> >>
>> >> I'm the lead developer on the StrongBox Linux project
>> >> (www.strongboxlinux.com), a rather new project (started last fall) out
>> >> of Vancouver, Canada. What we're creating is a version of linux that
>> >> is
>> >> meant to be secure from the ground up. It seemed like a perfect fit
>> >> for
>> >> you project. So, what I thought I'd do, if you're interested in giving
>> >> me some specifications on creating an install of your software, is
>> >> offer
>> >> to build a StrongBox bundle that I'd be able to give to you on a
>> >> CD-Rom.
>> >> You'd then be able to plunk it the into any computer that runs
>> >> something
>> >> like Knoppix, and run your software in a nearly tamperproof way.
>> >>
>> >> I've included some quick details below, as well as a feature overview.
>> >> If you want to direct them to the right people, that'd be awsome.
>> >>
>> >> ----
>> >>
>> >> Boot security in StrongBox:
>> >>
>> >> During the bootup process, StrongBox looks for it's OS and
>> >> configuration, which it will load into RAM. In the secure version of
>> >> this procedure, a root certificate is included in the initrd, and all
>> >> OS
>> >> images and configuration files are verified before boot to have a
>> >> signature that's valid within that Certificate Authority.
>> >>
>> >> Then, the OS boots up, with additional components being loaded, as
>> >> required. These components can also all be verified according to a
>> >> complete CA if desired (and configured in the bootup configuration).
>> >> Additionally, there's failover support in all aspects of the OS,
>> >> allowing backup copies to be used when a primary copy failed a
>> >> signature
>> >> or doesn't exist.
>> >>
>> >> If you combine this with a read-only boot medium, which only needs to
>> >> hold the kernel and the initrd, you have nearly unbreakeable
>> >> boot-level
>> >> security. That, combined with OS contexts as you have in the
>> >> linux-vserver project (www.linux-vserver-org), you have a very secure
>> >> OS
>> >> as your platform.
>> >>
>> >> ----
>> >>
>> >> Anyways, if you guys have any interest, feel free to contact me.
>> >>
>> >> Cheers,
>> >> Liam
>
>--
>Nathan L. Adams
><nadams <at> ieee.org>
>
>Public Key:
>http://pgpkeys.mit.edu:11371/pks/lookup?op=vindex&search=0x808D1100
>Fingerprint:
>CCB9 8860 61F5 181B 0FEC E81C D904 D347 808D 1100

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Fri Apr 30 23:17:17 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT