[Info-vax] Some Reading on System and Server Security
IanD
iloveopenvms at gmail.com
Sat Dec 29 08:27:45 EST 2018
On Thursday, December 20, 2018 at 6:59:05 AM UTC+11, Stephen Hoffman wrote:
> As OpenVMS claims to be "the most secure operating system on the
> planet", here is some related reading on what other operating systems
> have implemented:
>
>
> First some hardware...
>
> AMD Secure Encrypted Virtualization: https://developer.amd.com/sev/
> "Hardware accelerated memory encryption for data-in-use protection.
> Takes advantage of new security components available in AMD EPYC
> processors"
>
> Intel MKTME:
> https://schd.ws/hosted_files/kvmforum2018/f6/mktme_kvm_forum_2018.pdf
> "Protect Data of Virtual Machines with MKTME on KVM"
>
>
>
> Then a Windows-related change...
>
> Windows Sandbox:
> https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849
>
> "...Windows Sandbox: an isolated, temporary, desktop environment where
> you can run untrusted software without the fear of lasting impact to
> your PC. Any software installed in Windows Sandbox stays only in the
> sandbox and cannot affect your host. Once Windows Sandbox is closed,
> all the software with all its files and state are permanently deleted."
>
>
>
> And some interesting and security-focused operating systems of note...
>
> HardenedBSD: https://hardenedbsd.org/content/about
> "HardenedBSD is a security-enhanced fork of FreeBSD. The HardenedBSD
> Project is implementing many exploit mitigation and security
> technologies on top of FreeBSD. The project started with Address Space
> Layout Randomization (ASLR) as an initial focal point and is now
> implementing further exploit mitigation techniques." This reference
> included largely as there was a recent comment else-thread claiming
> there were already too many BSD variants around, so here's an
> additional BSD variant to ponder.
>
> seL4: https://sel4.systems https://sel4.systems/Info/Docs/seL4-brochure.pdf
> "The world's first operating-system kernel with an end-to-end proof of
> implementation correctness and security enforcement is available as
> open source."
>
>
>
> For folks interested in security-related reading:
> https://www.humblebundle.com/books/hacking-for-the-holidays-books
> The _Serious Cryptography_ book is well worth a read for anyone
> interested in modern crypto, and this is the cheapest I've seen it
> priced. I routinely use Metasploit to look for common configuration
> errors on OpenVMS systems, too.
>
>
>
>
> --
> Pure Personal Opinion | HoffmanLabs LLC
Some very good reads in this list - Thanks!
Interesting that the seL4 microkernel is Australian - never heard of it (not that this means much!). It doesn't surprise me that it's UNSW based though and it looks like the Australian government is involved, since the CSIRO has a hand in things (That's the Australian government science arm)
Looks like ARM features heavily with this too. I'm seeing more ARM stuff being pitched - OpenVMS on ARM one day?
For a good eye opener as to how quickly hackers can pull apart systems, watching some of the stuff at DEF CON is certainly an eye opener. It's been a long long time since VMS did well at DEF CON. I think the last time it got a review there significant issues with it's security was revealed.
I think most people have little idea how advanced some of the hackers are out there at the individual level, yet alone the corporate and State level
OpenVMS has a LOT of work to do on the security side
Plenty of interesting topics at DEF CON 26
https://www.youtube.com/playlist?list=PL9fPq3eQfaaD0cf5c7wkzMoj2kifzGO4U
More information about the Info-vax
mailing list