The news? The ex-director of security architecture for the One Laptop Per Child project, Ivan Krstic (at right), has gone to work for Apple. He'll be focusing his attention on core operating system security.
Krstic's innovative Bitfrost security specification, part of the overall OLPC initiative, essentially negates the effect of any virus by running every program on the computer in its own virtual operating system. By doing this, no malware can spy on user keystrokes, futz with files, or steal data.
According to a 2007 article by Naraine, Bitfrost has five primary goals, all of which are targeted at making the OLPC one of the most secure platforms available:
- No user passwords -- the security of the device cannot depend on the user's ability to remember a password
- No unencrypted authentication -- no cleartext passwords, no use of Ethernet MAC addresses for authentication
- Out-of-the-box security -- The device should be secure out of the box, without the need to download security updates if at all possible
- Limited institutional Public Key Infrastructure -- Don't rely on public keys to validate the identity of device owners
- No permanent data loss -- Information is to be replicated to some centralized storage place so it can be recovered if the device is stolen, destroyed, or lost