Sunday, October 31, 2010

Indian OS

From Bruce Schneier ...

India is writing its own operating system so it doesn't have to rely on Western technology:

India's Defence Research and Development Organisation (DRDO) wants to build an OS, primarily so India can own the source code and architecture. That will mean the country won't have to rely on Western operating systems that it thinks aren't up to the job of thwarting cyber attacks. The DRDO specifically wants to design and develop its own OS that is hack-proof to prevent sensitive data from being stolen.

On the one hand, this is great. We could use more competition in the OS market -- as more and more applications move into the cloud and are only accessed via an Internet browser, OS compatible matters less and less -- and an OS that brands itself as "more secure" can only help. But this security by obscurity thinking just isn't true:

"The only way to protect it is to have a home-grown system, the complete architecture ... source code is with you and then nobody knows what's that," he added.

The only way to protect it is to design and implement it securely. Keeping control of your source code didn't magically make Windows secure, and it won't make this Indian OS secure.


Kevin Milmoe said...

Does this mean that the Indian government is just trying to produce an OS for itself or will it try to market it? If it's only for the Indian government it would seem that cyber security is reaching new heights of importance on a national level to have attained funding for the venture. In terms of marketing however, it would seem an advanced stage of snooping on citizens and any foreigners foolish enough to install the OS.
The resilience of this OS to outsiders is questionable when malware written in Java can cross the OS divide easily. It wont be long until there is an attack language that would encompass this new OS if it was a target worthy of the research and development time.

Tevans said...

This idea sounds appealing on the surface, but on second thought, it doesn't really make sense. Yeah, it would be great to not be vulnerable to cyber attacks, but what makes Indian programmers so special? If it's possible to build into an OS the ability to thwart all attacks, don't you think Microsoft, Apple, and Linux would've figured that out by now? As we always mention in class, cyber wars are so dynamic and ever changing, so how can you possibly develop an OS in which a hole can't be found?