The OLPC project has been a fascinating one to watch, receiving both high acclaim and criticism from many in the industry. Given that their aim is to give millions of children access to computers and the Internet, a huge concern is security. We all know that if millions of new computers suddenly pop on to the net, there's going to be millions of new targets. The OLPC project is aware of this, and have long talked about their very robust security. Just what is their security, though? If you're interested, they have detailed many of the steps they've taken, and I am actually impressed. Rather than relying on antivirus packages, firewalls and user prompts, they've designed a system from scratch, dubbed BitFrost:
Under BitFrost, every program runs in its own virtual machine with a limited set of permissions. Thus a picture viewer can't access the web, so even if a hacker comes up with an exploit that lets him control the program, he couldn't use it to grab all the photos on the laptop and upload them to the internet.
From a redesign of how permissions are handled to a very strict sandboxing on every program, it looks very nice. One particularly interesting concept to me was the perpetual security certificate, which will supposedly deter theft by essentially bricking the machine if it can't get a valid lease extension in time. It is a little odd, considering it would seem the unit could very easily be bricked if someone just forgets to turn it on now and then. However, the article is very interesting - and I very much am looking forward to seeing how robust these units actually are in the field.