Aren't smartphones already an example of starting over? Both iOS and Android run each program in its own sandbox, with access highly restricted to the necessary system resources.
At a fundamental level, they're still very similar to every computer on the market. They're very nearly IBM architecture, and the security features you're discussing are added after the fact (not inherent to the architecture itself).
wait, isn't the whole "don't let code and data sit in the same memory" the whole point of the no-execute bit, which AFAIK is hardware enforced on any remotely modern AMD or Intel CPU? Granted it takes OS support, too.
Strict separation of code and data contradicts the definition and purpose of "computers." Single-taped Turing machines do not separate code and data (it's a single tape and a single "memory space"). Computers are (supposed to be) Turing complete within finite resource limits, meaning they can be used to simulate a single-tape Turing machine.
I don't really want another single-purpose appliance, so it's kind of a bummer to see the TSA "security" arguments (the article, not you) working to break general-purpose computing... (I think the best we can do for now is a trust system and, for me at least, I still have to see the code to have faith in that.)
As for the "principle of least privilege", well, that was the point of microkernels. We're all using Linux and Windows and Mac OS X (none of which are microkernels), so even if microkernels are "better" they may not be very "practical" for the moment (the old Tanenbaum–Torvalds debate).
Technically NX is the same memory, just different permissions applied to portions. It is possible to have an architecture where code and data are completely separate - http://en.wikipedia.org/wiki/Harvard_architecture
Re: the second question, the problem with NX is that it only protects you from overflows where the attacker jumps into the buffer.
Overflows are still exploitable with NX. The attacker instead jumps to a series of fragments of library code[1]. Since libraries will always be executable, there's no problem (aside from the difficulty of finding the right chain of "gadgets").
ASLR goes some way into preventing return oriented programming (ROP) attacks, but it isn't bulletproof.
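NX only helps when the binary and the kernel actually opt into it (a PT_GNU_STACK program header without the execute flag), and ASLR only randomises the main image when it was built position-independent. The following is an added example, not code from this thread or from any project mentioned in it: a small Python checker, in the spirit of checksec-style tools, that reads the ELF64 program headers and reports the NX stack flag, W^X on loadable segments, PIE, and the presence of a RELRO segment. It assumes little-endian ELF64 input, checks only partial RELRO (the DT_BIND_NOW dynamic tag needed for full RELRO is not parsed), and the two sample images are constructed header-only stubs, not real executables.

```python
import struct
from typing import Dict, List, Tuple

# ELF constants (ELF specification / Linux uapi elf.h)
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC, ET_DYN = 2, 3
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551   # stack permission hint honoured by Linux
PT_GNU_RELRO = 0x6474E552   # region made read-only after relocation
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian, 64 bytes
PHDR_FMT = "<IIQQQQQQ"           # ELF64 program header, 56 bytes


def parse_program_headers(data: bytes) -> Tuple[int, List[Tuple[int, int]]]:
    """Return (e_type, [(p_type, p_flags), ...]) for a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled here")
    (_ident, e_type, _machine, _version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum,
     _shstrndx) = struct.unpack_from(EHDR_FMT, data, 0)
    if e_phentsize != struct.calcsize(PHDR_FMT):
        raise ValueError("unexpected program header size")
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)  # first two fields
        segments.append((p_type, p_flags))
    return e_type, segments


def hardening_report(data: bytes) -> Dict[str, bool]:
    """Summarise the load-time mitigations a binary asks the kernel for."""
    e_type, segments = parse_program_headers(data)
    stack_flags = [f for t, f in segments if t == PT_GNU_STACK]
    # NX: the kernel honours a PT_GNU_STACK without PF_X; a missing entry
    # means "legacy executable stack" on x86 Linux.
    nx_stack = bool(stack_flags) and not (stack_flags[0] & PF_X)
    # W^X: no loadable segment should be mapped both writable and executable.
    wx = [f for t, f in segments if t == PT_LOAD and (f & PF_W) and (f & PF_X)]
    # ASLR of the main image requires a position-independent executable
    # (ET_DYN; shared libraries are ET_DYN too, so this is a necessary check only).
    pie = e_type == ET_DYN
    partial_relro = any(t == PT_GNU_RELRO for t, _ in segments)
    return {"nx_stack": nx_stack, "no_wx_load_segments": not wx,
            "pie": pie, "partial_relro": partial_relro}


def build_sample_elf(e_type: int, segments: List[Tuple[int, int]]) -> bytes:
    """Construct a minimal header-only ELF64 image (no code) as test input."""
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + bytes(9)
    phdr_size = struct.calcsize(PHDR_FMT)
    ehdr = struct.pack(EHDR_FMT, ident, e_type, 0x3E, 1, 0x1000, 64, 0, 0,
                       64, phdr_size, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack(PHDR_FMT, t, f, 0, 0, 0, 0, 0, 0x1000)
                     for t, f in segments)
    return ehdr + phdrs


# Constructed samples: one that opts into every mitigation, one that does not.
HARDENED = build_sample_elf(ET_DYN, [
    (PT_LOAD, PF_R | PF_X),        # text: read + execute only
    (PT_LOAD, PF_R | PF_W),        # data: read + write only
    (PT_GNU_STACK, PF_R | PF_W),   # non-executable stack
    (PT_GNU_RELRO, PF_R),
])
LEGACY = build_sample_elf(ET_EXEC, [
    (PT_LOAD, PF_R | PF_W | PF_X),  # one RWX segment, no PT_GNU_STACK at all
])

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], hardening_report(f.read()))
    else:
        for name, image in (("hardened sample", HARDENED), ("legacy sample", LEGACY)):
            print(name, hardening_report(image))
```

Run it with the path of a real ELF64 binary to inspect that file; with no arguments it reports on the two constructed samples. A binary that fails the `nx_stack` or `no_wx_load_segments` check has given up the hardware protection before any attacker is involved, which is the practical side of "it takes OS support, too".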
Well, it can be argued that any security feature can be circumvented in theory, which is why super-secure networks are fond of air gaps. The NX bit isn't really an air gap, just like ASLR, DEP, and so forth.
The features of a processor designed to protect itself from memory are really just stop gaps on the way to the next paradigm that supplants von Neumann, is I think what Watson is saying.
I've been thinking more and more about the problems holding progress of experience back. I think it's the dogma baked into the operating system itself. I'd love to share my ideas and help build a new OS with people.
You should give more details. A good number of HNers agree with you, have direct experience with building OSes, and a working knowledge of the existing alternatives to the main three.
I don't think the next big thing will be a new operating system -- that's thinking too shallow. We've tried dozens over the years, and right now we're dividing between consumer experience and server work (and poorly at that; no Linux distribution these days bothers to pretend they're separate any more). Plan 9 also swam as far as it could off to the deep end and didn't catch on, for a few reasons; it's a genuinely good model but as we know from this startup game, the good ideas don't always take hold.
I suspect even if you designed something better than Plan 9, which would be a feat, the smart minds and money are already thinking past Intelville. Getting past The Architecture (what do we call it? IBM?) that's been a staple of computing for decades is the next big thing. That's what the author is hinting at, I think, and I'll be interested to read his paper.
(ARM isn't what we're looking for, it's just a better Intel. Same architecture.)
One of my deep-seated beliefs is that backward compatibility can hurt more than benefit, and this is sort of a corollary.
The GUI of computers could be largely rethought, especially after the introduction of mobile devices which raised consumer expectations of user interfaces. I look forward to more subtle touch gestures.
Disagree. They are rethinking DESKTOP UIs these days somehow using "mobile" as argument, and everything after KDE 3.5 and Gnome 2 has only become worse instead of better. Please give me back the proper desktop UIs.
If we're any day going to re-design computer architecture, I think we'll put designing for artificial intelligence more priority than designing for security.
From TFA: “The role of operating system security has shifted from protecting multiple users from each other toward protecting a single…user from untrustworthy applications.…"
Interestingly most OSes are still very good at protecting users from each other. And on Linux (but not on OS X nor on Windows), thanks to how X works, it is trivial to allow one app from another user to access the display (and only the display) of another user.
So my way of protecting myself, the user, from the untrustworthy applications (mainly the web browser and its daily major Java / Flash / CSS / JavaScript / etc. security issues) is to run applications in separate user accounts.
One browser in one user account for my personal email + personal online banking (although that one would be more secure if done from a Live CD), one browser for surfing all the Web, one browser for my professional emails, etc. Most user accounts (beside my developer account which, by default, has no Internet access [but I can whitelist sites per-user using iptables userid rules of course]: no auto-updating of any of the software I'm using) are throwaway and can be reset to default using a script.
As to giving and receiving phone calls: a good old Nokia phone onto which you cannot even install J2ME apps is perfect ; )
gizmo686 | 13 years ago
RivieraKid | 13 years ago
jfb | 13 years ago
jspthrowaway2 | 13 years ago
An operating system can only do so much.
codinghorror | 13 years ago
http://en.wikipedia.org/wiki/NX_bit
If that isn't working well enough, why not? Too much legacy code?
vy8vWJlco | 13 years ago
rogerbinns | 13 years ago
mjhall | 13 years ago
[1] : http://en.wikipedia.org/wiki/Return-oriented_programming
unknown | 13 years ago
[deleted]
jspthrowaway2 | 13 years ago
lowglow | 13 years ago
pirateking | 13 years ago
saraid216 | 13 years ago
jspthrowaway2 | 13 years ago
nate_martin | 13 years ago
Buffer of the flow attack eh?
nthitz | 13 years ago
mitchi | 13 years ago
sichuan2000 | 13 years ago
Aardwolf | 13 years ago
deadairspace | 13 years ago
http://www.10gui.com/
sherjilozair | 13 years ago
TheBoff | 13 years ago
By the time you've finished designing your revolutionary new chip, Moore's law has caught up, and you might as well have just used standard hardware!
jcoder | 13 years ago
petermlm | 13 years ago
Edit: http://latimesblogs.latimes.com/technology/2011/12/ibm-predi...
mikecane | 13 years ago
martinced | 13 years ago