Bitfrost
Bitfrost is the security design specification for the OLPC XO, a low-cost laptop intended for children in developing countries and developed by the One Laptop Per Child (OLPC) project. Bitfrost's main architect is Ivan Krstić. The first public specification was made available in February 2007.

System of rights

Every program, when first installed, requests certain bundles of rights, for instance "accessing the camera" or "accessing the internet". The system keeps track of these rights, and the program is later executed in an environment which makes only the requested resources available. The implementation is not specified by Bitfrost, but dynamic creation of security contexts is required. The first implementation was based on vserver; the second and current implementation is based on user IDs and group IDs (/etc/passwd is edited when an activity is started); a future implementation might involve SELinux or some other technology.

By default, the system denies certain combinations of rights; for instance, a program would not be granted both the right to access the camera and to access the internet. Anybody can write and distribute programs that request allowable right combinations. Programs that require normally unapproved right combinations need a cryptographic signature by some authority. The laptop's user can use the built-in security panel to grant additional rights to any application.
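The install-time decision described above can be sketched as follows. This is an added example, not code from Bitfrost or OLPC: the right names, `DENIED_COMBINATIONS`, the function names and the key are assumptions, and an HMAC stands in for the authority's digital signature so the sketch runs on the standard library alone.

```python
# Added illustration; names and the HMAC stand-in are assumptions, not the
# Bitfrost manifest format or its actual signature scheme.
import hashlib
import hmac

# Combinations refused by default (the pair is the article's own example).
DENIED_COMBINATIONS = [frozenset({"camera", "internet"})]
AUTHORITY_KEY = b"constructed-demo-key"  # constructed sample value


def _message(name, rights):
    # Bind the approval to one program and one exact set of rights.
    return (name + "|" + ",".join(sorted(rights))).encode()


def sign_bundle(name, rights, key=AUTHORITY_KEY):
    """Authority side: approve a specific program/rights bundle."""
    return hmac.new(key, _message(name, rights), hashlib.sha256).hexdigest()


def evaluate_install(name, requested, signature=None):
    """Return (allowed, reason) for a program's requested rights bundle."""
    requested = frozenset(requested)
    blocked = [sorted(c) for c in DENIED_COMBINATIONS if c <= requested]
    if not blocked:
        return True, "allowable combination"
    if signature and hmac.compare_digest(
        signature, sign_bundle(name, requested)
    ):
        return True, "denied combination approved by authority signature"
    return False, "combination %s requires a signature" % blocked


def user_grant(current_rights, extra_right):
    """Security panel: the user may add a right to any application."""
    return frozenset(current_rights) | {extra_right}
```

Because the approval covers the program name and the full rights set, a signature issued for one bundle does not validate a different program or a wider set of rights.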

Modifying the system

The users can modify the laptop's operating system, a special version of Fedora Linux running the new Sugar graphical user interface and operating on top of Open Firmware. The original system remains available in the background and can be restored.

By acquiring a developer key from a central location, a user may even modify the background copy of the system and many aspects of the BIOS. Such a developer key is only given out after a waiting period (so that theft of the machine can be reported in time) and is only valid for one particular machine.

Theft-prevention leases

The laptops request a new "lease" from a central network server once a day. These leases come with an expiry time (typically a month), and the laptop stops functioning if all its leases have expired. Leases can also be given out from local school servers or via a portable USB device. Laptops that have been registered as stolen cannot acquire a new lease.

The deploying country decides whether this lease system is used and sets the lease expiry time.
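The lease lifecycle above, simulated day by day to show how long a machine keeps working after it is reported stolen. This is an added example, not OLPC code: the class names, serial number and dates are constructed, and leases are modelled as plain records without the authentication a real lease would need.

```python
# Added sketch: class names, serial and dates are constructed; leases here are
# plain dicts, so how a real lease is authenticated is outside this example.
from datetime import datetime, timedelta


class LeaseSource:
    """Central server, school server or USB device that hands out leases."""

    def __init__(self, lease_days=30):
        self.period = timedelta(days=lease_days)  # set by the deploying country
        self.stolen = set()

    def report_stolen(self, serial):
        self.stolen.add(serial)

    def request_lease(self, serial, now):
        if serial in self.stolen:
            return None  # registered as stolen: no new lease
        return {"serial": serial, "expires": now + self.period}


class Laptop:
    def __init__(self, serial):
        self.serial = serial
        self.leases = []

    def daily_renewal(self, source, now):
        lease = source.request_lease(self.serial, now)
        if lease is not None and lease["serial"] == self.serial:
            self.leases.append(lease)

    def is_functional(self, now):
        # The laptop stops only when all of its leases have expired.
        return any(lease["expires"] > now for lease in self.leases)


def first_disabled_day(lease_days, reported_on_day, horizon=120):
    """Day index on which the laptop first refuses to run, or None."""
    start = datetime(2007, 2, 1)  # constructed start date
    source, laptop = LeaseSource(lease_days), Laptop("SN-CONSTRUCTED-1")
    for day in range(horizon):
        now = start + timedelta(days=day)
        if day == reported_on_day:
            source.report_stolen(laptop.serial)
        laptop.daily_renewal(source, now)
        if not laptop.is_functional(now):
            return day
    return None
```

With a 30-day lease, a laptop reported stolen on day 5 holds a last lease from day 4 and stops on day 34, so the chosen expiry time bounds how long a stolen machine stays usable.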

Microphone and camera

The laptop's built-in camera and microphone are hard-wired to LEDs, so that the user always knows when they are operating. This cannot be switched off by software.

Privacy concerns

Len Sassaman, a computer security researcher at the Catholic University of Leuven in Belgium, and his colleague Meredith Patterson at the University of Iowa in Iowa City claim that the Bitfrost system has inadvertently become a possible tool for unscrupulous governments or government agencies to definitively trace the source of digital information and communications that originated on the laptops. This is a potentially serious issue as many of the countries which have the laptops have governments with questionable human rights records.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.