[fpc-other] disk "glasses"
Tomas Hajny
XHajT03 at hajny.biz
Wed Aug 13 12:17:34 CEST 2014
On Wed, August 13, 2014 11:35, duilio foschi wrote:
.
.
> In a room, only the few people who wear the magic glasses can see
> data inside a box.
>
> The rest (who have no magic glasses) only see the box.
>
> Brought to IT, only applications that use product X will "see" disk Y
> (and be able to read/write data into it).
>
> The rest of applications only see a fixed size file.
The standard solution provided by existing operating systems is "simple" -
make sure that these applications run under different users and that the
users have appropriate access rights.
Obviously, this implies that implementation of such operating systems is
sufficiently secure itself (i.e. ensuring the designed level of protection
and thus not allowing others to get unauthorized access to the respective
resource), but that equally applies to any other solution as well
(including whatever "product X" - either you trust it, or not).
Now - if you don't trust that e.g. certain operating system from certain
large software company is sufficiently safe regarding protection from
unauthorized access over the network (specifically), you could for example
improve the security by adding some additional protection mechanisms in
between - run the whole operating system in a "walled garden" e.g. through
virtualization of the operating system instance including the encrypted
disk and applications having access to the respective data, run it in
private LAN not directly addressable from outside and ensure only secured
access is possible, etc. In any case, the most appropriate solution must
be designed according to the full list of requirements which has not been
provided.
Tomas
More information about the fpc-other
mailing list