Asbestos, a new prototype operating system, provides labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos’s kernel-enforced label mechanism, including controls on inter-process communication and system-wide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing it from leaking any single user’s data to any other user. Initial tests have been promising, and Eddie Kohler, Asbestos’s creator, hopes that within a few years, Asbestos will be an alternative to server operating systems such as Linux and Windows.
If not, it simply is not worth the effort. It has to compete against OpenBSD …
PS: What a strange name for an OS
Why must it be open source? Since when is closed source bad? If they can pull it off then more power to them I say.
BTW to many, Linux would be considered a strange name like Google and Wii.
> BTW to many, Linux would be considered a strange name
> like Google and Wii.
“Asbestos” is the name of a mineral once thought to be the panacea for all kinds of problems and it’s now recognized to be one of the worst pollutants, generating cancers even at the lowest concentrations.
I wonder how many times the human race will run into “perfect solutions” only to find they are a long time health hazard…
Asbestos, DDT, anything else people want to add to this (shorter than expected) list?
If it’s not open source it’s not worth looking at – not for me at least. The bar has been raised very high by OpenBSD. There I can see the code – which is absolutely vital not only to me but also to a number of companies in this business. Since when is a closed OS bad? Since Windows? Since all these operating systems where something goes on behind closed doors. For the sake of security: Don’t trust them!
Linux is not a strange name, since it follows common GNU naming “rules”: LINUs (Torvalds) and uniX. Perfectly clear. Nothing negative about it. Read about asbestos and you’ll understand why it is indeed a very strange name …
It is open source, and to get the OS itself, you have to check the source out from their CVS server (no pre-compiled binaries). One piece is GPLed (Ethernet driver), the rest is a mixture of BSD/MIT licenses.
So says the person who didn’t visit the website; it’s open source; you can download the source code right now off the CVS tree; as for the licence, I’m not too sure, but given it’s an academic exercise, that’ll depend on who is funding the research, and what the funder wants to get out of the investment.
Sounds interesting but we already have our bases loaded with SELinux, GrSecurity, RSBAC, LIDS, AppArmor, PaX, Exec Shield, and Systrace Linux security options. Let’s not forget about OpenBSD as well.
Besides that does this OS have a GUI and what about drivers? Screenshots?
Perhaps it is more appropriate to classify this project as an experiment OS like Microsoft’s Singularity rather than compete against already established ones.
Edited 2006-09-09 19:33
> Sounds interesting but we already have our bases loaded with SELinux, GrSecurity, RSBAC, LIDS, AppArmor, PaX, Exec Shield, and Systrace Linux security options.
AppArmor and SELinux provide no protection from buffer overflows. RSBAC, GrSecurity, and PaX have portability issues, and aren’t updated in time with the kernel. Exec Shield is very limited. Only SELinux is in the mainline kernel.
> Let’s not forget about OpenBSD as well.
True, but it’s good to have alternatives.
> Besides that does this OS have a GUI and what about drivers? Screenshots?
Am I missing something? Does an OS actually need a GUI to qualify? GUIs are handy but you can get by without them, and in some cases (read: X server) they may be a PITA security-wise.
> Perhaps it is more appropriate to classify this project as an experiment OS like Microsoft’s Singularity rather than compete against already established ones.
True, but wouldn’t it be a good idea to bring it to people’s attention so that it has a better chance of becoming an established product?
“Besides that does this OS have a GUI and what about drivers?”
Why? It’s aimed at the server market, not Average Joe’s desktop.
get it?
And also, on the front page: “You can download the current version of asbestos by anonymous cvs.” I’m not interested enough to check the license, but it’s UCLA+DARPA, so I guess there’s half a chance it’s reasonable.
The funny thing about an open source OS is that you can discover flaws very quickly by analysing the code and when you discover a flaw, you can report it, but what if you discover a flaw and don’t? Better, you discover the flaw and use it to kill a firewall at a big ass company? Or to gain root access…
Sure then someone will analyse it, but then again, it will be too late…
Sometimes closed source can be more trusted since discovering flaws can be much harder…
Sure that OpenBSD is a great OS, despite its documentation sucks and there’s not many tutorials about it on the net… But I still use it for my firewall, but the fear of having a geek hacker analysing the code in search for a flaw and using it for offensive manoeuvres has always been a phantom inside my head…
If you’re a “bad hacker” and found an exploit to use against an open source system, there’s always a greater chance (compared to closed systems) that the flaw will also be found by someone with “better” intentions than yours.
Imagine you’re an office worker, and you’re using almost an open OS that is configured and maintained by the system administrator/s following the best possible security practices.
Now follow these steps..
A) Make a habit of turning your computer off each weekend, but once a month or something find an excuse to work one day over on the weekend.
B) Write down the OS kernel version, hardware and other details. Get the motherboard manufacturer & type on one of the weekends.
C) Download the correct version of the OS’s source code at home, strip out any security related code you don’t like and build your own special version of the kernel.
D) Find out how to disable the BIOS setup password for the particular motherboard (download the motherboard manual and figure it out – it’s usually not hard), and after a while (on one of the weekends when no-one else is likely to go to work) pull open the case, clear the BIOS CMOS, reconfigure the BIOS to default settings and set your own BIOS password.
E) At home, download a standard “Boot CD” version of the OS (Knoppix is probably close enough).
F) Finally, boot the machine using the boot CD and get yourself root access to the file-system. Then replace the kernel with your own specially modified kernel.
G) Congratulations, you’ve bypassed any/all security until the next time the system administrators upgrade the kernel. Leak as much “secure” data as you can for a month or so and then find another job.
There’s also a few ways you can prevent this sort of thing:
– forbid employees from working after hours (and make sure they can’t be left alone with a computer for long during business hours).
– never allow computers to be turned off and set up some form of “heartbeat” so system administrators know when one goes offline.
– make sure all cases are locked and cases can’t be opened by anyone with a normal screwdriver.
– don’t store the open source kernel on the computer itself (network boot).
– use a closed source OS, so that the user can’t create their own insecure version of the kernel.
Now consider the number of people who take company laptops home with them….
Yes, that could theoretically happen. But then you’re a criminal and will be persecuted by the company, because the company will find out. Honestly, how many employees have that much criminal energy?
Anyway, this kind of thing has been brought up against open source again and again. It’s just on the contrary. Open source is more secure and more stable than any commercial OS. As I said, think OpenBSD.
Edited 2006-09-10 05:12
Do you understand who DARPA is (where the funding for the Asbestos OS is coming from)? It’s the American Department of Defense’s “advanced research” department. I would assume they’re worried about something more significant than a secretary obtaining Joe Smith’s porn collection without Joe’s permission.
For DARPA and the DoD, “could theoretically happen” means “entirely unusable” (unless this sort of security hole is prevented by some other means).
*sigh* Yes, I know them. Following your and the original poster’s argument, Windows XP should be an ultra secure operating system since the kernel is non-free. Well, it isn’t. Strange, isn’t it? But just why? And why is OpenBSD – an open source OS – the ultra secure operating system? So secure even DARPA has funded them …
It could theoretically happen that the kernel source from a closed-source OS leaks. Yes, it has happened, and it is going to happen again.
Again: if there’s enough criminal energy, a closed-source OS won’t prevent you from doing these things. On the contrary, it’s even more challenging.
I think you’re confusing 2 separate issues here – security holes in the software (which is where open source is better), and security holes outside of the software (e.g. freely downloadable/modifiable source code).
Given a “perfectly secure” open source OS, almost anyone who knows how to program can create their own “hacked” version of it. For e.g. it’d probably take me around 20 minutes to change the Linux kernel so it ignores all file permissions, and another 10 minutes to install my hacked kernel onto your computer (assuming you have no BIOS password, like most of us).
For Windows (any version), there’s no way I can get all of the source code, and no way I can compile my own hacked version. If I cared I might find enough information to expose a security flaw in the “unhacked” OS, but this is an entirely different matter that has nothing to do with anything I’ve said so far.
If you are talking about the source that got leaked from MS that was related to Windows 2000, well, some sites that have analysed the code found things like “Is this bug really necessary” or “Don’t use tabs because the compiler can’t recognise as 4 spaces”, but there were also pieces of code that were really well programmed and very efficient… Besides, it was Windows 2K, that was six years ago…
But not running from the topic of the reply, when we say that closed source can be much more secure, we are talking about compiling and analysing the code. In Windows, you can’t simply download the code and read all lines of code related to the network system to find bugs, you need to do it by brute force, using your imagination in trying to create exceptions in the network system that can crash the firewall or even some processes, or hacking in using an exception that simply gives you root access. In Linux, simply read the code and find out those exceptions and I can guarantee to all of you, when those unique exceptions are discovered by “bad hackers”, it will be too late for some companies when the kernel patch arrives…
You can find and clear all those bugs in an open source OS, but you can also use them easily… It’s the pros and cons in the open source world.
Bla, I repeated the post accidentally… sorry, can’t remove this post :S
Edited 2006-09-10 14:49
All of that can just as easily be done with a closed source OS. Having an open source kernel is totally unnecessary. And anyway the above steps are totally useless.
Companies don’t store top secret files that employees shouldn’t have access to on employees’ clients. They store them on servers. All you have done is rooted your workstation, something which can be done much easier than in the above steps. Having root access on your client box doesn’t make it any easier to hack the server.
> Imagine you’re an office worker, and you’re using almost an open OS that is configured and maintained by the system administrator/s following the best possible security practices.
<snip>
I can break a closed source copy of Windows far easier than all of those steps.
All I need is a free ISO available on the web that boots a Linux kernel and allows me to *clear* out the local admin account password on any 2k/xp machine.
I’ve done this in a pinch when I didn’t have time to wait until Monday for IT to unlock the system per company policy.
It did not require me to know how to code a thing, I didn’t have to modify a kernel and I was in the system in under 2 minutes. Literally 2 reboots and it was done.
I don’t think open source or closed source have a real advantage in this department as I’ve seen ways a determined person with physical access to the machine can get into either one in pretty short order.
Edited 2006-09-10 15:39
“Now follow these steps.. ”
Anyone able to follow all of these steps would also be able to break security even easier with Windows or OSX.
“- use a closed source OS, so that the user can’t create their own insecure version of the kernel.”
Yes, because it’s totally impossible to boot from removable devices or the network.
“Now consider the number of people who take company laptops home with them….”
And how are you to prevent these people from leaking information they already have access to by using a closed source OS?
Except that for people who know what they are doing searching for security flaws in binaries is almost just as easy as searching for flaws in source code.
“Sure that OpenBSD is a great OS, despite its documentation sucks”
Sorry, the OpenBSD documentation is excellent.
“and there’s not many tutorials about it on the net.”
Tutorials aren’t needed much when the included documentation is good.
“but the fear of having a geek hacker analysing the code in search for a flaw and using it for offensive manoeuvres has always been a phantom inside my head…”
Good thing “geek hackers” are completely unable to penetrate closed source operating systems.
They have some code on an anonymous cvs and guess what this is licensed under a BSD-style license with a small part under the GPL (just the e1000 driver).
…that I’m installing this thing anytime soon. OpenBSD already does its job quite well, there’s no need to re-invent the wheel.
OpenBSD doesn’t do what Asbestos is trying to do. If you read the pdf’s on the website you’ll see that Asbestos is trying to do much more than OpenBSD currently does, security wise.
As stated before it is funded by DARPA. This probably means that OpenBSD cannot be used because, well DARPA has some issues in that regard. See
http://marc.theaimsgroup.com/?l=openbsd-misc&m=105061580500738&w=2
And / or google for “theo de raad + darpa”
On the whole closed source vs. open source security debate. Someone stated that “while a cracker can find a security flaw it is fairly reasonable that a hacker with good intentions can find the same flaw and fix it”. I agree with this.
With closed source the vendor is likely to never find out, at least I don’t think that software vendors like spending much money for regular security audits if that money could be spent on marketing, feature development etc.
So I guess the only way that closed source software could be on par with open source is:
1) The Open Source software doesn’t have dedicated / enough etc. developers
2) The closed source software consists of a [small] team with a mindset on security first
If there is a choice I’d always pick the Open Source software because if all else fails and I really need security I can look at the code myself or hire experts to do it for me.
EDIT: This is possible for some closed source code as well as the vendors provide source code for governments etc. sometimes but still most of the time, it is not.
Edited 2006-09-11 07:33
This functionality is not something new. Please look at MAC/LSM.
This is an interesting paper, the functionality (as they admit) is not a new idea (look up BSD Jails). It’s mainly about a way to implement the functionality in a way which isn’t incredibly complex and doesn’t consume vast resources.
I don’t know if Asbestos will become a widely used OS but if the functionality can become widespread that’s only a good thing.
cannot compete as it lacks flexibility in security policy implementation.