Million-Dollar Security for $100 Laptop
The more I read about this project, the more I like it. A laptop with such limited specs would be commercially useless in developed nations, but, due to its proposed mission and environment, would need to be virtually bulletproof in terms of stability of the operating system. Not many sysadmins in rural Rwanda, after all.
The One Laptop Per Child project, which proposes to give every child in the developing world a computer of his own, dazzled fans with the unveiling of its little green "$100 laptop" in November 2005. Now it's impressing hard-bitten security geeks with a plan to lock down the hundreds of millions of educational machines against spyware and computer intruders.
The laptop, officially called the XO, includes a swiveling LCD screen that can switch between low-resolution color and higher-resolution black-and-white. It also has a camera and microphone that enable clear video calls, three USB ports, 128 MB of RAM, 512 MB of flash storage, built-in Wi-Fi with extraordinary range, a long-lasting battery rechargeable by a cord or car battery, and a custom, Linux-based operating system that prefers tags to a traditional file system. Every full-grown geek who sees the 7.5-inch screen asks how they can buy one.
Millions of XO laptops are expected to go into production late in 2007, with Thailand, Brazil, Uruguay and Rwanda, among others, signed up for the launch. If all goes according to plan, that will make the XO laptop's operating system one of the more common platforms in the world. And with kids as young as 6 as target users, hackers may already be dreaming of taking computers from babies through rogue code.
But it should come as no surprise -- given how thoroughly the project has rewritten the conventions of what a laptop should be -- that the XO's security isn't built on firewalls and antivirus software.
Instead, the XO will premiere a security system that takes a radical approach to computer protection. For starters, it does away with the ubiquitous security prompts so familiar to users of Windows and antivirus software, said Ivan Krstic, a young security guru on break from Harvard who's in charge of security for the XO.
"How can you expect a 6-year-old to make a sensible decision when 40-year-olds can't?" Krstic asked in a session at the RSA Conference. Those boxes simply train users to check "yes," he argued.
Krstic's system, known as the BitFrost platform, has only one user prompt (turning on the camera) and imposes limits on every program's powers. Under BitFrost, every program runs in its own virtual machine with a limited set of permissions. Thus a picture viewer can't access the web, so even if a hacker comes up with an exploit that lets him control the program, he couldn't use it to grab all the photos on the laptop and upload them to the internet.