Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

OB1


Every Military Net Accessed at Once, Thanks to ‘OB1’

U.S. Central Command has 14 different, physically separated networks. To get access to the info on all of ’em, a military type needs as many as five different computers, sitting on his desk. But new software being tested by CENTCOM would enable a single computer to connect to all those networks at once — from the open internet to the top secret stuff. “If it proves secure, could save more than $200 million for CENTCOM,” UPI’s Shaun Waterman reports. And a ton of hassle, too.

But the best part of the project might be its acronym. The demonstration is called “One Box, One Wire” — OB1, for short. Use the Force, sysadmins!

The key to OB1, retired U.S. Air Force Gen. Eugene Habiger tells Waterman, is the “separation kernel,” a piece of software “guaranteed to keep the different networks separate.”

The software… creates “what we call security domains … in essence virtual machines or virtual servers … each one of them is impregnable. Even viruses that operate at the very deepest level of the operating system cannot get around the new software,” he said.

“We sit literally on the bare metal … on the microprocessor. What we create is a secure platform, and on top of that platform you can run Windows or Linux … inside of a securely separated domain, where … your top-secret or confidential corporate data … can be protected and cannot be accessed by an intruder” from any one of the other domains.

But isn’t that a huge security risk? The NSA apparently has tested the system out, and given OB1 its blessing.

I don’t buy this. I just don’t. No system that is contained within the confines of one processor is impregnable! Even if the NSA has signed off on it, I think it’s a TERRIBLY bad idea. Time will tell, but you already know how having SIPR and NIPR nets next to one another has led to leaks as well as USB contamination recently….

This also wholly goes against best practices where “Separation Of Duties” is concerned. You are going to allow access to all of those networks at a single node by a single user? What are they smoking at the DOD?

There’s a bad digital moon rising…

Written by Krypt3ia

2009/02/03 at 23:39

One Response


  1. :wrinkles nose:

    Ewww. Wrong, wrong, wrong.

    Guess they forgot about capacitive bleedover in circuits.

    Bare metal, my ass. If electrons run through it, it can be tapped. Guess they forgot about TEMPEST…

    Sunfell

    2009/02/17 at 17:29

