A Machine for Keeping Secrets?

Acknowledgements

I'd like to thank a few people for their input: Alan Karp of HP Labs, and Ben Laurie and David Drysdale of Google (and Capsicum).

And thanks to Doc too, for inviting me to do this.

Resources

British War Office: https://en.wikipedia.org/wiki/War_Office

Enigma: http://www.bbc.co.uk/history/topics/enigma

Bletchley Park: http://www.bletchleypark.org.uk/content/hist/worldwartwo/industrialisation.rhtm

Ultra: https://en.wikipedia.org/wiki/Ultra

"How Zero-Day Exploits Are Bought & Sold": http://null-byte.wonderhowto.com/inspiration/zero-day-exploits-are-bought-sold-0159611

Operation Mincemeat: https://en.wikipedia.org/wiki/Operation_Mincemeat

The Man Who Never Was (a film about Operation Mincemeat): https://en.wikipedia.org/wiki/The_Man_Who_Never_Was

"NSA purchased zero-day exploits from French security firm Vupen": http://www.zdnet.com/article/nsa-purchased-zero-day-exploits-from-french-security-firm-vupen

IBM and the Holocaust: https://en.wikipedia.org/wiki/IBM_and_the_Holocaust

Principle of Least Privilege: http://en.wikipedia.org/wiki/Principle_of_least_privilege

"restarting a testing build of squid results in deleting all files in a hard-drive": https://bugzilla.redhat.com/show_bug.cgi?id=1202858

Capability-Based Security: https://en.wikipedia.org/wiki/Capability-based_security

From Objects to Capabilities: Capability Operating Systems: http://erights.org/elib/capability/ode/ode-capabilities.html

Security-Enhanced Linux: https://en.wikipedia.org/wiki/Security-Enhanced_Linux

POSIX Capabilities: https://friedhoff.org/posixfilecaps.html

"Using POSIX capabilities in Linux, part one (avoiding the use of setuid)": http://archlinux.me/brain0/2009/07/28/using-posix-capabilities-in-linux-part-one

EROS (The Extremely Reliable Operating System): http://www.eros-os.org/eros.html

CapROS (The Capability-Based Reliable Operating System): http://www.capros.org

The Coyotos Secure Operating System: http://www.coyotos.org

"Explain Like I'm 5: Kerberos": http://www.roguelynn.com/words/explain-like-im-5-kerberos

Who Wrote SELinux?: https://www.nsa.gov/research/selinux

Patch: https://en.wikipedia.org/wiki/Patch_(computing)

Linux Kernel: https://en.wikipedia.org/wiki/Linux_kernel

Mandatory Access Control (MAC):

"Tech Titans Launch 'Core Infrastructure Initiative' to Secure Key Open Source Components": http://www.securityweek.com/tech-titans-launch-core-infrastructure-initiative-secure-key-open-source-components

Heartbleed:

"The Internet Is Being Protected by Two Guys Named Steve": http://www.buzzfeed.com/chrisstokelwalker/the-internet-is-being-protected-by-two-guys-named-st#.earzPzxNAB

"US government increases funding for Tor, giving $1.8m in 2013": http://www.theguardian.com/technology/2014/jul/29/us-government-funding-tor-18m-onion-router

Clipper Chip: https://en.wikipedia.org/wiki/Clipper_chip

Google Transparency Report: https://www.google.com/transparencyreport/userdatarequests/US

"Capsicum: practical capabilities for UNIX": https://lwn.net/Articles/482858

Capsicum for Linux: https://www.cl.cam.ac.uk/research/security/capsicum/linux.html

Linux Kernel with Capsicum Support: https://github.com/google/capsicum-linux

Ethereum: https://ethereum.org

Smart Contract: https://en.wikipedia.org/wiki/Smart_contract

Dapps for Beginners (Ethereum contract tutorials): https://dappsforbeginners.wordpress.com

Namecoin: https://namecoin.info

"A history of bitcoin hacks": http://www.theguardian.com/technology/2014/mar/18/history-of-bitcoin-hacks-alternative-currency

Device democracy—Saving the future of the Internet of Things: http://public.dhe.ibm.com/common/ssi/ecm/en/gbe03620usen/GBE03620USEN.PDF

Endpoint Security: http://searchmidmarketsecurity.techtarget.com/definition/endpoint-security

______________________

Vinay Gupta is the release coordinator for Ethereum, a FOSS scriptable blockchain platform.