Wednesday, January 11, 2017

Virtual Machine Based Secure Operating System

Needless to say, computer viruses, malware and hacker intrusions are really big problems today.
I believe the main cause of this is that most computer software (including operating systems themselves)
is written in insecure programming languages, C/C++ and the like.

The C programming language was created to write an operating system (OS) back in the 70s.
It is a minimalist language that provides a deep level of control over the computer hardware, close to assembly language(s).
It allows creating software that has minimal size and maximal speed.
But it comes with a big trade-off, which is minimal security.
All large computer software contains bugs (which are mistakes made by programmers).
The problem with insecure programming languages is that any bug (big or small) anywhere in a piece of software can allow malware, a hacker or a virus to take full control of the computer system (modify or delete any files, settings, etc.).

The simple solution would be to rewrite or replace all computer software written in insecure languages.
But this could easily take decades.
A more practical solution would be to modify popular operating systems to be resistant against software bugs.
One existing solution used today is called sandboxing, in which the OS runs each application in isolation from the others.
(Which obviously does not solve the problem completely.)

A better solution:
Imagine a computer OS which is also a VM (or an OS and a VM always working closely together).
Let's call it VMOS.
So the only software that actually executes on the physical processor(s) is the VMOS,
and all other software applications are executed by the VMOS (so they never have direct access to the processor(s)).
That means in this computer system no software can do anything without going through the VMOS.
And imagine that the VMOS has a set of security rules that it checks whenever appropriate;
then there would be no way for any software to circumvent those security rules.
(And no software could ever access those security rules and modify or delete them either, since
it would have to go through the VMOS, and the VMOS would not allow it.)

Those security rules would be rules like:
No software can modify any OS files (including its security rules).
No software can modify any executable file (especially if it is not a part of that same software package).
(More security rules can be added as needed in the future.)

Also it should be easy to see that whenever a bug causes an application to crash, the crash is easily contained by the VMOS without allowing anyone to take control of the computer system.
(Because remember, all software is actually run by the VMOS, so it can easily be stopped by the VMOS as well.)
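To make the VMOS idea concrete, here is an added toy model (my own illustration, not code from the post): a small reference monitor that "runs" applications by interpreting their instructions one at a time. The application never gets a handle to the file table or the rules; the monitor checks the two rules from the post (no writes to OS files, no writes to another package's executables) on every operation, and an application fault such as a division by zero terminates only that application while the monitor and any later application keep running. The file paths, package names, instruction set and the `Monitor`/`App` classes are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class File:
    """Constructed toy file entry; attributes model what the rules check."""
    data: str
    executable: bool = False
    os_file: bool = False
    package: Optional[str] = None  # which software package installed it


@dataclass
class App:
    """An application is just a program: a list of instructions the monitor
    interprets. It holds no reference to files, rules or the monitor."""
    name: str
    package: str
    program: list


class Monitor:
    """Stand-in for the VMOS: every application instruction passes through
    step(), and the rules live only in monitor memory."""

    def __init__(self, files):
        self._files = files      # never handed out to an application
        self.audit = []          # (app, op, path, verdict) records

    def _policy(self, app, op, path):
        """The two rules from the post, applied to write operations."""
        f = self._files.get(path)
        if op == "write" and f is not None:
            if f.os_file:
                return "denied: OS file"
            if f.executable and f.package != app.package:
                return "denied: executable of another package"
        return "allowed"

    def _step(self, app, instr):
        op = instr[0]
        if op == "read":
            _, path = instr
            self.audit.append((app.name, op, path, self._policy(app, op, path)))
            return self._files[path].data   # KeyError on a missing file is an app fault
        if op == "write":
            _, path, data = instr
            verdict = self._policy(app, op, path)
            self.audit.append((app.name, op, path, verdict))
            if verdict == "allowed":
                existing = self._files.get(path)
                if existing is not None:
                    existing.data = data
                else:
                    self._files[path] = File(data, package=app.package)
            return None
        if op == "div":
            _, a, b = instr
            return a // b   # ZeroDivisionError models an application bug
        raise ValueError(f"unknown instruction {op!r}")

    def run(self, app):
        """Run an app to completion; any fault stops only that app."""
        try:
            for instr in app.program:
                self._step(app, instr)
            status = "finished"
        except Exception as exc:
            status = f"terminated: {type(exc).__name__}"
        self.audit.append((app.name, "exit", "", status))
        return status

    def file_data(self, path):
        """Privileged inspection for the operator; not reachable from an app."""
        return self._files[path].data


def build_system():
    # Constructed sample file table: two OS files, two packages, one user file.
    files = {
        "/os/kernel": File("kernel image", executable=True, os_file=True, package="os"),
        "/os/security_rules": File("rule1;rule2", os_file=True, package="os"),
        "/apps/editor/bin": File("editor code", executable=True, package="editor"),
        "/apps/mail/bin": File("mail code", executable=True, package="mail"),
        "/home/user/notes.txt": File("hello"),
    }
    return Monitor(files)


def demo():
    mon = build_system()
    # Constructed buggy/misbehaving app: tries to rewrite the rules, then another
    # package's executable, then its own executable and a user file, then faults.
    mail = App("mail", "mail", [
        ("write", "/os/security_rules", "no rules"),
        ("write", "/apps/editor/bin", "replaced"),
        ("write", "/apps/mail/bin", "mail code v2"),
        ("write", "/home/user/notes.txt", "edited"),
        ("div", 1, 0),
        ("write", "/home/user/notes.txt", "never reached"),
    ])
    status_mail = mon.run(mail)
    # A second app still runs afterwards: the fault was contained by the monitor.
    status_editor = mon.run(App("editor", "editor", [("read", "/home/user/notes.txt")]))
    return mon, status_mail, status_editor


if __name__ == "__main__":
    monitor, s1, s2 = demo()
    print("mail:", s1, "| editor:", s2)
    for entry in monitor.audit:
        print(entry)
```

The point of the design is that the policy is enforced inside `Monitor._step`, the only path by which an application can touch the file table, so the rules cannot be bypassed or edited from within a program; the `try`/`except` in `run` is the crash-containment part of the post's argument.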
