Linked by David Adams on Thu 30th Jun 2011 15:40 UTC
Original OSNews Interviews OSNews interviews Alexander Tsolkas, security consultant, Director Sales & Marketing at Iπsec Ltd. Germany, and creator of HSS, or High Security Server, a highly secure Linux kernel and a proprietary management Control Panel. We ask him about his product and about the state of ultra high security computing.
Thread beginning with comment 479327
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comments frustration
by Bill Shooter of Bul on Fri 1st Jul 2011 01:23 UTC in reply to "Comments frustration"
Bill Shooter of Bul
Member since:
2006-07-14

It's extremely difficult to have a positive conversation about what you are doing when there are so many cynics waiting to knock you down.


Normally, I'd agree with you. But that positive conversation can't take place here. If there are kernel security experts here, they don't have access to their product and can't evaluate their claims. If there are not kernel security experts here, their product hasn't earned the respect of the experts elsewhere. Its not really worth discussing the potential security benefits of an untrusted, untestable system. So, people end up focusing on the crazy claims of espionage and international three letter acronym intrigue that make this seem as shady as a back alley kidney transplant.

I've read white papers of products I already use and pay for that I know are full of sh*t and don't do half the things as well as they claim. The real important information about a product comes from independent third parties that test and use the systems.

Reply Parent Score: 3

RE[2]: Comments frustration
by Alfman on Fri 1st Jul 2011 04:26 in reply to "RE: Comments frustration"
Alfman Member since:
2011-01-28

Bill Shooter of Bul,

"If there are kernel security experts here, they don't have access to their product and can't evaluate their claims. If there are not kernel security experts here, their product hasn't earned the respect of the experts elsewhere."

Sure, those are valid concerns for people interested in buying the product.

"Its not really worth discussing the potential security benefits of an untrusted, untestable system."

I disagree, Alex may very well have some valuable insight to contribute to a discussion on linux security. I am interested in the mechanisms used to control access in the kernel and it is worth discussing regardless of whether the product is proprietary or not, IMHO.

"So, people end up focusing on the crazy claims of espionage and international three letter acronym intrigue that make this seem as shady as a back alley kidney transplant."

Yes, I don't think Alex was expecting this. He got off on the wrong foot.


Technical questions for Alex:

1. What kind of context does HSS consider when deciding whether to permit or deny a request?

2. When a process executes "su", does the kernel invoke a userspace permission check through IPC? Is this somehow cached in the kernel, or repeated for every security check?

3. You indicated fewer scripts were required to use HSS, are events scriptable under HSS or do they have to follow a strict pattern engine?

4. How does HSS deal with concurrency? In particular, can the userspace portion handle parallel IPC requests (assuming there is a userspace portion) or are they serialized?

5. What is the impact to performance when the permission checks are enabled?

6. Does HSS do anything special to help debug app problems caused by restrictive permissions? How do I determine why my app is failing?

7. Does HSS work with a customized kernel?

8. Are the configuration files human read/writable or are they binary?

And I might as well ask, are you hiring english speaking devs?

Reply Parent Score: 3

Bill Shooter of Bul Member since:
2006-07-14

Well, It was a sales pitch with minimal technical info. If they wanted to discuss the technology behind it, thats great they should have tried that instead of the sales pitch.

But for what its worth Google translate does a fair job on their whitepaper. it doesn't make me feel any more comfortable about the product, but you might find some good discussion points

http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http~*~...

Reply Parent Score: 2

RE[3]: Comments frustration
by dzx6w3 on Sat 2nd Jul 2011 10:49 in reply to "RE[2]: Comments frustration"
dzx6w3 Member since:
2011-06-30

Hi Alfman,

I will come up with the answers after the weekend.

Thank you

Alexander

Reply Parent Score: 1