Re: Fw: StrongBox Linux and OVC?

From: Edward Cherlin <edward_dot_cherlin_at_etssg_dot_com>
Date: Sat May 08 2004 - 01:07:46 CDT

On Thursday 22 April 2004 18:25, Alan Dechert wrote:
> Forwarding from Liam Helmer
> AD
> ----- Original Message -----
> From: "Liam Helmer" <lhelmer@strongboxlinux.com>
> To: <mail@openvotingconsortium.org>
> Sent: Thursday, April 22, 2004 6:24 PM
> Subject: StrongBox Linux and OVC?
>
> > Hi,
> >
> > I'm the lead developer on the StrongBox Linux project
> > (www.strongboxlinux.com), a rather new project (started last
> > fall) out of Vancouver, Canada. What we're creating is a
> > version of linux that is meant to be secure from the ground
> > up. It seemed like a perfect fit for you project. So, what I
> > thought I'd do, if you're interested in giving me some
> > specifications on creating an install of your software, is
> > offer to build a StrongBox bundle that I'd be able to give
> > to you on a CD-Rom. You'd then be able to plunk it the into
> > any computer that runs something like Knoppix, and run your
> > software in a nearly tamperproof way.

Wonderful. I want a copy.

Would you be interested in doing a port to the Simputer, for use
in embedded systems? We have customers in banking, medicine,
postal money order systems, and other areas where security is a
vital issue.
> > I've included some quick details below, as well as a feature
> > overview. If you want to direct them to the right people,
> > that'd be awsome.
> >
> > ----
> >
> > Boot security in StrongBox:
> >
> > During the bootup process, StrongBox looks for it's OS and
> > configuration, which it will load into RAM. In the secure
> > version of this procedure, a root certificate is included in
> > the initrd, and all OS images and configuration files are
> > verified before boot to have a signature that's valid within
> > that Certificate Authority.
> >
> > Then, the OS boots up, with additional components being
> > loaded, as required. These components can also all be
> > verified according to a complete CA if desired (and
> > configured in the bootup configuration). Additionally,
> > there's failover support in all aspects of the OS, allowing
> > backup copies to be used when a primary copy failed a
> > signature or doesn't exist.
> >
> > If you combine this with a read-only boot medium, which only
> > needs to hold the kernel and the initrd, you have nearly
> > unbreakeable boot-level security. That, combined with OS
> > contexts as you have in the linux-vserver project
> > (www.linux-vserver-org), you have a very secure OS as your
> > platform.
> >
> > ----
> >
> > Anyways, if you guys have any interest, feel free to contact
> > me.
> >
> > Cheers,
> > Liam

-- 
Edward Cherlin, Simputer Evangelist
Encore Technologies (S) Pte. Ltd.
New voices in the global conversation
http://www.ryze.com/go/Cherlin
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Mon May 31 23:17:26 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:16 CDT