Building a secure OS from the ground up
For most computer operating systems, ongoing security requires endlessly issuing patches to eliminate the latest discovered vulnerabilities. And, of course, many of those vulnerabilities are discovered only after some bad actor has exploited them. According to Guofei Gu, associate professor of computing at Texas A&M, that sad state of affairs is the result of the fact that most operating systems were designed without security in mind.
Gu and colleagues at four other universities -- Clemson, the University of Colorado, the University of North Carolina, and the University of Texas -- have received $3 million from the National Science Foundation and VMware for a three-year project to build a new operating system, this time with security as a primary consideration.
The key difference between S2OS and other operating systems, Gu said, is that it is being developed as a software-defined hypervisor that creates and manages virtual machines. The two S's -- signified by “S2” in its name -- refer to “software-defined infrastructure” and “security.” S2OS’s software-defined hypervisor is being designed to centrally manage networking, storage and computing resources.
Building the OS as a software-defined infrastructure that supports virtual machines delivers advantages that older operating systems can only approximate.
First, since the OS is itself running as a virtual machine, it is protected from attacks at the application layer. “Even if someone can hack into an application, our security services are isolated from that so we are immune from this kind of attack,” Gu said. “We call it strong isolation.”
Another advantage of S2OS operating as a hypervisor is that it sits above all program and network activity. “We provide global visibility,” he said. “We can be aware of what's going on in the whole infrastructure.” Existing operating systems, Gu explained, are only aware of what is taking place in a single process at a time. “Sometimes when something happens if you look locally it doesn't look like an attack, but if you look globally it is indeed an attack,” he said.
Finally, since S2OS is itself a centrally managed virtual machine, if a piece of malware is developed that succeeds in attacking it, dealing with the threat means making a single software fix rather than issuing updates to countless servers. “Software-defined infrastructure makes it easy to change to respond to malware,” Gu said.
S2OS is not being designed for end users. Instead, it’s being designed for the underlying infrastructure to which consumer OS's such as Microsoft Windows and Apple OS X will connect. But end users will still benefit from S2OS security. “They will be protected because the underlying software-defined infrastructure layer, including networking and communications, can be monitored and protected by S2OS,” Gu said. “Every activity the users do -- clicking links, transferring data, browsing the internet -- in their regular OS's will eventually go through the underlying infrastructure layer and thus can be protected.”
Businesses and other organizations will benefit, too, from stronger security at a lower cost.
“What we want to provide is a unified security management space,” Gu said. “You can buy individual secure services, which is very expensive. Our solution is software-defined, which means you don't have to buy a very expensive appliance.”
Gu said that the team expects to have a prototype ready in about three years that will be available as open-source software.
Posted by Patrick Marshall on Jul 06, 2017 at 2:15 PM