[Info-vax] Some Reading on System and Server Security
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Dec 19 14:59:03 EST 2018
As OpenVMS claims to be "the most secure operating system on the
planet", here is some related reading on what other operating systems
have implemented:
First some hardware...
AMD Secure Encrypted Virtualization: https://developer.amd.com/sev/
"Hardware accelerated memory encryption for data-in-use protection.
Takes advantage of new security components available in AMD EPYC
processors"
Intel MKTME:
https://schd.ws/hosted_files/kvmforum2018/f6/mktme_kvm_forum_2018.pdf
"Protect Data of Virtual Machines with MKTME on KVM"
Then a Windows-related change...
Windows Sandbox:
https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849
"...Windows Sandbox: an isolated, temporary, desktop environment where
you can run untrusted software without the fear of lasting impact to
your PC. Any software installed in Windows Sandbox stays only in the
sandbox and cannot affect your host. Once Windows Sandbox is closed,
all the software with all its files and state are permanently deleted."
And some interesting and security-focused operating systems of note...
HardenedBSD: https://hardenedbsd.org/content/about
"HardenedBSD is a security-enhanced fork of FreeBSD. The HardenedBSD
Project is implementing many exploit mitigation and security
technologies on top of FreeBSD. The project started with Address Space
Layout Randomization (ASLR) as an initial focal point and is now
implementing further exploit mitigation techniques." This reference
included largely as there was a recent comment else-thread claiming
there were already too many BSD variants around, so here's an
additional BSD variant to ponder.
seL4: https://sel4.systems https://sel4.systems/Info/Docs/seL4-brochure.pdf
"The world's first operating-system kernel with an end-to-end proof of
implementation correctness and security enforcement is available as
open source."
For folks interested in security-related reading:
https://www.humblebundle.com/books/hacking-for-the-holidays-books
The _Serious Cryptography_ book is well worth a read for anyone
interested in modern crypto, and this is the cheapest I've seen it
priced. I routinely use Metasploit to look for common configuration
errors on OpenVMS systems, too.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list