Lab 7 - Discussion on Securing Operating Systems
Slashdot recently had an article about
Alan Cox's
EuroOSCON 2005 presentation on computer security in the next 50 years.
There is also
an
interview with Alan Cox on this matter on O'Reilly's website and its
corresponding
Slashdot article. Read through the comments and interview and then we'll
discuss the ideas. Some of the key ideas are using new programming languages
with stricter rules, source code verification and provably secure code to
reduce bugs in programs, handling user "mistakes" (e.g. clicking an attachment
in an email that they shouldn't have clicked) through stricter mandatory access
control, having proactive ("defense in depth") rather than reactive systems,
and the driving force for making more secure systems.
If you cannot attend the lab, email me your thoughts on this matter. Otherwise,
attendance in the lab counts as your "writeup".