no 'commodity' OS is 'secure' Re: [Beowulf] Which distro for the cluster?

Andrew Piskorski atp at piskorski.com
Wed Jan 10 06:21:33 PST 2007


On Sun, Jan 07, 2007 at 03:49:50PM -0500, Robert G. Brown wrote:

> I completely agree with this.  As I pointed out earlier in the thread,
> companies such as banks make "conservative" seem downright radical when
> it comes to OS upgrades.  They have to do a complete, thorough,
> comprehensive security audit to change ANYTHING on their machines -- as
> a requirement in federal law, IIRC.  To get them to take you seriously,
> you MUST be prepared to support the OS they install on (once it is
> successfully audited) forever -- until the hardware itself falls apart
> into itty-bitty bits.

And yet these same hyper-'secure' organizations are running Microsoft
Windows, Linux, and/or Unix on these super important, super 'secure',
mission-critical boxes?  Frankly, that's oxymoronic.  It sounds
suspiciously like decision making driven by what the rules and
paperwork says you're supposed to do (aka, CYA), and/or general
myopia, rather than a sound assessment of what the right solution to
the real problem actually is.

We all know that Windows is (much) less secure than Linux, and Linux
is presumably less secure than OpenBSD.  But if you take a step back
and look at the bigger picture, OpenBSD and MS Windows are both in the
same bin, and that bin is labeled, "inherently unreliable and insecure
operating systems".

OpenBSD calls itself "ultra-secure", which is like calling the most
advanced World War II piston-engined fighter planes "ultra-fast".
Yes, it's true, more or less - as long as you're only talking about
other piston engined aircraft, and are content to ignore the existence
of jets and rockets.

It's not something I know much about, but I am told that much more
reliable and secure operating systems do exist, and have been
commercially successfull in niche markets, both now and in the past.
Niche markets like, say, the OS that runs your advanced pacemaker,
some network routers, or aerospace systems.

Now, I assume that using any such non-mainstream system is probably
(so far, to date) significantly more painful, annoying, and thus
expensive than just running Linux.  (And thus is unlikely to be
appropriate for a Beowulf cluster.)

But if you're a huge organization already throwing millions of dollars
into horribly painful manual re-audits of even trivial updates to
"commodity" operating systems for mission-critical "highly secure"
applications, then I strongly suspect that you're already well into
the same cost range where investing those $millions into the use of
secure-by-design systems might well make much more sense.

At some point, no matter how much you like Otto-cycle engines, putting
more and more money and effort into carefully tuning and inspecting
your turbo-supercharged, nitrous oxide injected, hand polished and
streamlined, piston-engined aircraft simply no longer makes sense.  If
you care that much, you should be looking into jets...

Like I said, I don't really know much about such secure-by-design
systems, but I've come across thought provoking discussion in various
places, including:

  http://www.coyotos.org/docs/osverify-2004/osverify-2004.html
  http://www.coyotos.org/docs/misc/linus-rebuttal.html
  http://www.eros-os.org/pipermail/cap-talk/2001-July/000604.html
  http://www.erights.org/talks/captp4omg/captp4omg/sld008.htm
  http://zesty.ca/capmyths/

-- 
Andrew Piskorski <atp at piskorski.com>
http://www.piskorski.com/



More information about the Beowulf mailing list