Japan to develop and deploy open source "Secure VM"

Hi,

--------------------------------------------------------------------
Japan to develop and deploy open source "Secure VM"
--------------------------------------------------------------------
Japan's National Information Security Center (NISC) officially
announced on Tuesday that it plans to develop "Secure VM"
(secure virtual machine) and release it as open source software.
http://www.bits.go.jp/press/pdf/securevm.pdf (in Japanese)

Data breach (especially information leak via virus-infected P2P
file-sharing programs) has been a social problem in Japan for these
two years, and it seems that to solve it is one of the project's
goals.
http://www.asahi.com/english/Herald-asahi/TKY200604270137... (in English)

They say it will not just be a research project, but will also be
deployed in production environments of governmental organizations.

Both Linux and Windows are planned as its guest OSes, but apparently
they are assuming that Windows will continue to be used mainly,
because they say that they chose to develop "Secure VM" (instead of
switching to an open source desktop) "in order to improve security
while keeping the existing client environment/UI as much as possible."

The development team includes the University of Tsukuba, the
University of Electro Communications, Tokyo Institute of Technology,
Keio University, Nara Institute of Science and Technology, Toyota
National College of Technology, Fujitsu, NEC, Hitachi, NTT, NTT DATA,
and SoftEther.

The project's budget is reported to be 600 million yen (5.3m USD) in
three years.
http://journal.mycom.co.jp/news/2006/05/23/382.html (in Japanese) 

It is not clear whether they are going to hack on some existing open
source codebase or write one from scratch.

The project might be similar to:
http://www.vmware.com/news/releases/nsa_pr.html (in English)
"VMware and the National Security Agency Team to Build Advanced Secure
Computer Systems" (January 31, 2001)

---

Here in Japan, more than 300,000 machines were infected by viruses via
P2P file-sharing programs, and information (some of it was highly
sensitive) was leaked to P2P file-sharing network from hospitals,
banks, post offices, universities, high schools, local governments,
the SDF (Self-Defense Forces), the police, politicians, nuclear power
plants, airports, and so on, as well as many big companies (including
some of the "Secure VM" related companies).
http://en.wikipedia.org/wiki/Winny  (in English)
http://www.geocities.jp/winny_crisis/  (in Japanese) 
http://internet.watch.impress.co.jp/static/index/2006/03/10/  (in Japanese) 

Moreover, information was also leaked from major newspaper companies
that had reported those incidents one after another and criticized
those victim companies' and organizations' information management, and
last but not least, from a major antivirus vendor...

The creator of Winny, a popular P2P file-sharing program in Japan, was
arrested for abetment of copyright violation two years ago, and it is
possible that modifying it is regarded as an illegal act, so the
program is still being used as-is without any fixes, and the number of
victims is still increasing.
http://en.wikipedia.org/wiki/Winny  (in English) 
http://yro.slashdot.org/article.pl?sid=04/05/10/0157259 (in English) 

Some information had already been leaked from the SDF and the police
two years ago, but even recently, cryptography related sensitive
information marked "Secret" was leaked from the SDF, again.

regards,
maya
--
Thanks,
Maya Tamiya
http://changelog.net/