Posted Feb 8, 2007 7:07 UTC (Thu) by orospakr
Parent article: Bitfrost: the OLPC security model
To preempt all those who will try to compare this system to a Treacherous Computing/DRM system, I offer this simple distinction:
Treacherous Computing systems, such as those used in many proprietary systems such as video game consoles, work for someone other than the owner of the computer. Not only is this morally wrong, but it also is based on a fundamentally flawed threat model: the person who owns the machine can theoretically do anything she likes to the machine, and therefore Treacherous Computing systems are very often cracked. A classic example of this is a so-called "modchip" for a video game console, for instance. Cryptography buffs sometimes describe TC/DRM as attempting to make Alice and Eve the same person (do I remember those names correctly?).
Bitfrost works for the owners of the machine (in this case, the child and her country). The flaw discussed above does not apply, because the owner of the machine is still permitted to do as she likes. Bitfrost instead is intended to allow the user to get on with her business, including running untrusted code from a third party without worry.
(Actually, the theft protection scheme in Bitfrost could be considered a theoretical weak point. A modchip-like device or similar hack could possibly be used to disable the anti-theft protection. However, this is unlikely to be feasible in practice. Therefore, the theft protection system has done its job: deterring theft.)