Bitfrost is the security design specification for the OLPC XO, a low-cost laptop intended for children in developing countries and developed by the One Laptop Per Child (OLPC) project. Bitfrost's main architect is Ivan Krstić. The first public specification was made available in February 2007.
Bitfrost architecture
Passwords
No passwords are required to access or use the computer.
System of rights
Every program, when first installed, requests certain bundles of rights, for instance "accessing the camera" or "accessing the internet". The system keeps track of these rights, and the program is later executed in an environment which makes only the requested resources available. The implementation is not specified by Bitfrost, but dynamic creation of security contexts is required. The first implementation was based on vserver; the second and current implementation is based on user IDs and group IDs (/etc/passwd is edited when an activity is started); and a future implementation might involve SELinux or some other technology.
By default, the system denies certain combinations of rights; for instance, a program would not be granted both the right to access the camera and to access the internet. Anybody can write and distribute programs that request allowable right combinations. Programs that require normally unapproved right combinations need a cryptographic signature by some authority. The laptop's user can use the built-in security panel to grant additional rights to any application.
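The install-time decision described above, as an added example that is not code from the Bitfrost specification or from OLPC. The right names, the `FORBIDDEN_COMBOS` table, the choice to withhold the conflicting rights rather than refuse installation, and the HMAC standing in for the authority's cryptographic signature are all assumptions.

```python
import hashlib
import hmac

# Hypothetical right names; only the camera + internet pairing comes from the text.
FORBIDDEN_COMBOS = [frozenset({"camera", "internet"})]

# Assumption: a shared-key HMAC stands in for the authority's signature so the
# example needs only the standard library. A real system would verify a
# public-key signature instead.
AUTHORITY_KEY = b"constructed-demo-key"


def bundle_digest(program_id, rights):
    """Canonical bytes the authority signs: program id plus sorted rights."""
    return (program_id + "|" + ",".join(sorted(rights))).encode()


def sign_bundle(program_id, rights, key=AUTHORITY_KEY):
    """Authority side: approve one exact rights bundle for one program."""
    return hmac.new(key, bundle_digest(program_id, rights), hashlib.sha256).hexdigest()


def resolve_rights(program_id, requested, signature=None, user_grants=()):
    """Return the rights the program's security context will expose."""
    requested = set(requested)
    # A signature only counts if it covers this exact bundle.
    signed_ok = signature is not None and hmac.compare_digest(
        signature, sign_bundle(program_id, requested))
    granted = set(requested)
    if not signed_ok:
        # Unsigned bundle: withhold every right that takes part in a
        # forbidden combination (assumed behaviour, see lead-in).
        for combo in FORBIDDEN_COMBOS:
            if combo <= requested:
                granted -= combo
    # The user's security panel can add rights to any application.
    return granted | set(user_grants)
```

Because the signature is computed over the whole bundle, a program cannot reuse an approval for camera and internet access to cover a larger request.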
Modifying the system
The users can modify the laptop's operating system, a special version of Fedora Linux running the new Sugar graphical user interface and operating on top of Open Firmware. The original system remains available in the background and can be restored.
By acquiring a developer key from a central location, a user may even modify the background copy of the system and many aspects of the BIOS. Such a developer key is only given out after a waiting period (so that theft of the machine can be reported in time) and is only valid for one particular machine.
Theft-prevention leases
The laptops request a new "lease" from a central network server once a day. These leases come with an expiry time (typically a month), and the laptop stops functioning if all its leases have expired. Leases can also be given out from local school servers or via a portable USB device. Laptops that have been registered as stolen cannot acquire a new lease.
The deploying country decides whether this lease system is used and sets the lease expiry time.
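The lease lifecycle described above, as an added example that is not code from the Bitfrost specification or from OLPC. The serial numbers, the stolen registry, the binding of a lease to one machine and the HMAC standing in for the lease server's signature are assumptions; times are plain Unix seconds passed in by the caller.

```python
import hashlib
import hmac

# Assumption: a shared-key HMAC stands in for the server's signature; a real
# laptop would hold only a public verification key.
SERVER_KEY = b"constructed-lease-key"
LEASE_SECONDS = 30 * 24 * 3600   # "typically a month"; set by the deploying country
STOLEN = {"SN-0002"}             # constructed registry of laptops reported stolen


def _tag(serial, expires):
    """Authenticate the (machine, expiry) pair so neither can be altered."""
    msg = f"{serial}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_lease(serial, now):
    """Server side: refuse laptops registered as stolen, else sign an expiry."""
    if serial in STOLEN:
        return None
    expires = now + LEASE_SECONDS
    return {"serial": serial, "expires": expires, "tag": _tag(serial, expires)}


def lease_valid(lease, serial, now):
    """Laptop side: the lease must be for this machine, authentic, unexpired."""
    return (lease["serial"] == serial
            and hmac.compare_digest(lease["tag"],
                                    _tag(lease["serial"], lease["expires"]))
            and now < lease["expires"])


def laptop_functional(leases, serial, now):
    """The laptop stops functioning only when every stored lease has lapsed."""
    return any(lease_valid(lease, serial, now) for lease in leases)
```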
Microphone and camera
The laptop's built-in camera and microphone are hard-wired to LEDs, so that the user always knows when they are operating. This cannot be switched off by software.
Privacy concerns
Len Sassaman, a computer security researcher at the Catholic University of Leuven in Belgium, and his colleague Meredith Patterson at the University of Iowa in Iowa City claim that the Bitfrost system has inadvertently become a possible tool for unscrupulous governments or government agencies to definitively trace the source of digital information and communications that originated on the laptops. This is a potentially serious issue as many of the countries which have the laptops have governments with questionable human rights records.
Notes
* The specification itself mentions that the name "Bitfrost" is a play on the Norse mythology concept of Bifröst, the bridge between the world of mortals and the realm of Gods. According to the Prose Edda, the bridge was built to be strong, yet it will eventually be broken; the bridge is an early recognition of the idea that there's no such thing as a perfect security system.
See also
* CapDesk
External links
* Ivan Krstić's homepage
* OLPC Wiki: Bitfrost
* Bitfrost specification version Draft-19 - release 1, 7 February 2007
* Wired News, 7 February 2007
* Making antivirus software obsolete - Technology Review magazine recognized Ivan Krstić, Bitfrost's main architect, as one of the world's top innovators under the age of 35 (Krstić was 21 at the time of publication) for his work on the system.