OLPC's Ivan Krstić: 2007 TR35 Award Winner

   
   
   
   
   

Congratulations to Ivan Krstić, Director of OLPC Security Architecture, he's been recognized by Technology Review as as one of the world's top innovators under the age of 35 for his innovative One Laptop Per Child Bitfrost security platform.

bitfrost ivan Krstić
A happy Ivan Krstić of OLPC

As the glowing TR35 profile says:

Instead of blocking specific viruses, the system sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user. Viruses are left isolated and impotent, unable to execute their code. "This defeats the entire purpose of writing a virus," says Krstic.

Some in the Linux community are so impressed with this novel approach to fighting malicious code that they have proposed making it part of the Linux standard.

Reading the Bitfrost Approach I can only wish that more computer security design professionals, be they specialists in Windows, Apple, or Linux, would follow Ivan Krstić's lead. His five security goals are radical, simple, and long overdue:
    Goals:
  • No user passwords
  • No unencrypted authentication
  • Out-of-the-box security
  • Limited institutional PKI
  • No permanent data loss
If you're the technical type, you can read the full Bitfrost specification on the OLPC Git Repository. If you don't eat kernels from breakfast, Ivan can still explain OLPC security to you through his OLPC talks.

Either way, be quick about getting Ivan's name right, unlike most of the publications celebrating his award. Its "Ivan Krstić" not "Ivan Krstic" for as he told me a year ago:

I switched to a real rendering of my name just recently, having decided that in 2006, there's really no excuse for not using Unicode-aware software.
And as a fellow member of the Funny Name Club, I can relate.

Related Entries

7 Comments

Just wondering: have there been any other recipients of this
coveted (?) award whose technologies have not actually been
deployed & tested as of the award time?

The Technology Review is produced by MIT so obviously they would honor one of their own with the award.

I'm sure there were motives for this award that were justified.

Interestingly, Geekcorps creator Ethan Zuckerman has also received a TR35 award.

The Geekcorps Director is of course our esteemed Wayan Vota.

Wow. Thanks for pointing that out Robert. Now I feel great. Not only have both Ivan (2007) and Ethan (2002) been TR35 winners, I have exactly five months to do something worthy with my life before I past 35 and apparently become obsolete.

Thankfully I at least won a Tech Award...

Awards are overrated Wayan.

Personal achievement and satisfaction with ones lot in life is all anyone can aspire to. Find a partner, have kids, live a comfortable life.

This latest article has inspired me to read all the way through the Bitfrost spec on OLPC's git and frankly its an interesting read (I hadn't had the time up until now).

If thats the system that they are loading into the laptops and shipping to schools I'm not interested in the XO anymore. For normal people (well..non schoolkids) the whole environment seems extremely restrictive and probably not usable by the majority of average computer users. Public keys, Serial Numbers, UUIDs, activation codes all designed for an anti-theft system. Great for kids in schools with a wireless AP and school server (running specific proprietry software), not so great for general purpose users.

I've been using Linux for about 5 years, a relative newcomer to Open Source and (after a few years on Fedora Core 1, 2 and 3) have fallen in love with Ubuntu. It just works. Props to Mr Shuttleworth.

So I'm a little shocked (I was smug about Linux being virus proof) after reading the Bitfrost spec. Is the average Linux distro not secure? Will we really have to run a compartmentalized OS where applications live inside their own little jail?

As read in Ivans award article on Technology Review, Ivan plans on developing Bitfrost for the general Linux community. Somehow I just don't want to be that secure.

Robert Arrowsmith wrote:
"If thats the system that they are loading into the laptops and shipping to schools I'm not interested in the XO anymore. For normal people (well..non schoolkids) the whole environment seems extremely restrictive and probably not usable by the majority of average computer users. Public keys, Serial Numbers, UUIDs, activation codes all designed for an anti-theft system. Great for kids in schools with a wireless AP and school server (running specific proprietry software), not so great for general purpose users."

I am afraid you didn't understand the breath of it. This is computer security done from the ground up. The real marvel is that it works for illiterates and children! No passwords!

The basic tenet of Bitfrost is that the user is in total control of her own machine. But only over those parts the user has knowledge on.

You can do everything, but you have to set the required switches, which requires you have a basic understanding of what you are doing. The only parts not under the control of the user are the Bios flash key and the system activation and sign keys. You can get the Bios flash key (from the OLPC, NOT from the government) if you ask.

You can never impersonate someone else as you cannot change the laptop ID. Which basically means that the children's laptops cannot be used anonymously (but maybe they can just refuse to sign their messages?). The activation keys are their for the important anti-theft measures. There is no reason why all these keys could not be given to private buyers in the developed world. There are very good reasons NOT to give them to children that get their computers donated by the school.

The cryptographic signing of updates and exchanges in secure transactions is basic stuff like that used in SSL and SSH.

"Is the average Linux distro not secure? "

As secure as you can make it. But you, or the distribution maintainer, can mess up everything with a single wrong command.

Basically, Windows security protects Microsoft (against lawsuits), Unix security protects the OS, Bitfrost protects the user, the OS, and the computer (HW).

And that is what we really want in the XO. I want not only the OS to be secured, but my private data and privacy too. And if small children start to use the computer, it is the children that must be protected, more than the computer.

I read it and considered it the first comprehensive computer security system I have seen (which says more about my ignorance than about Bitfrost).

And Ivan will have a sunny professional future with this award.

Winter

"So I'm a little shocked (I was smug about Linux being virus proof) after reading the Bitfrost spec. Is the average Linux distro not secure? Will we really have to run a compartmentalized OS where applications live inside their own little jail?"

No operating system is perfectly secure. OLPC has a unique set of characteristics that make it worth spending extra energy on security: in the ideal case, massive scale deployments of many millions of identical (hardware and software) laptops, where nearly every machine will be administered by someone who has never seen a computer before and has no idea what safe practices are.

In case you haven't figured it out yet, this makes it an ideal environment for the rapid and catastrophic spread of viruses, worms, and trojans. Drastic new security measures must be implemented to keep this sort of attack to a minimum.

As for you personally, you will be able to request a developer key to unlock every portion of the system, if you so choose. The idea is to make this unnecessary for most kids, but the laptop is yours if you're sufficiently competent.

Close