Red-Green is our name for the creation of two different environments for each user in which to do their computing. One environment is carefully managed to keep out attacks: code and data are only allowed in if they are of known trusted origin, because we know that the implementation will have flaws and that ordinary users trust things that they shouldn't. This is the Green environment; important data is kept in it. But because lots of work, and lots of entertainment, requires accessing things on the Internet about which little is known, or is even feasible to know, regarding their trustworthiness (so it cannot be carefully managed), we need to provide an environment in which this can be done; this is the Red environment. The Green environment backs up both environments, and when some bug or user error causes the Red environment to become corrupt, it is restored to a previous state (see the recovery slide); this may entail loss of data, which is why important data is kept on the Green side, where it is less likely to be lost. Isolation between the two environments is enforced using IPsec.

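The admission and recovery rules just described, as an added conceptual model that is not the project's code: the trusted-origin allowlist, the item names and the snapshot-and-restore logic are simplifying assumptions standing in for the real managed environment, the IPsec isolation and the recovery mechanism on the recovery slide. It shows why data placement matters: work done on Red since Green's last backup is lost on restore, while Green's data is untouched.

```python
# Conceptual model of the Red-Green split. Added illustration, not the project's
# code; the allowlist, item names and snapshot/restore logic are assumptions.
from copy import deepcopy
from dataclasses import dataclass, field

# Assumed allowlist of origins the managed (Green) side accepts.
TRUSTED_ORIGINS = {"corp-update-server", "signed-internal-build"}

@dataclass
class Environment:
    name: str
    managed: bool                               # True: admit only trusted origins
    items: dict = field(default_factory=dict)   # item name -> origin it came from
    corrupt: bool = False

    def admit(self, item: str, origin: str) -> bool:
        """Green refuses anything not of known trusted origin; Red takes all."""
        if self.managed and origin not in TRUSTED_ORIGINS:
            return False
        self.items[item] = origin
        return True

class RedGreen:
    def __init__(self):
        self.green = Environment("green", managed=True)
        self.red = Environment("red", managed=False)
        self.red_backup = deepcopy(self.red.items)  # last good Red state, held by Green

    def backup(self) -> None:
        self.red_backup = deepcopy(self.red.items)

    def recover(self) -> set:
        """Roll Red back to Green's copy; returns the Red items created since the
        backup, which are lost. Green's own items are untouched by the rollback."""
        lost = set(self.red.items) - set(self.red_backup)
        self.red.items = deepcopy(self.red_backup)
        self.red.corrupt = False
        return lost

def scenario() -> dict:
    """Walk through one admission/corruption/recovery cycle (constructed inputs)."""
    rg = RedGreen()
    rg.green.admit("payroll.xlsx", "signed-internal-build")   # accepted on Green
    rg.green.admit("game.exe", "random-website")              # refused on Green
    rg.red.admit("game.exe", "random-website")                # allowed on Red
    rg.backup()
    rg.red.admit("draft.txt", "unknown-site")                 # created after backup
    rg.red.corrupt = True                                     # some bug corrupts Red
    lost = rg.recover()
    return {"lost": lost, "red": set(rg.red.items), "green": set(rg.green.items)}
```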
The big unknown is the user experience, at this point. We know different models:

1. The KVM switch model (as in NetTop)

2. The X-Windows model (with windows actually fronting for an execution on some other machine)

What the users will find preferable is an open question, still.

More to the point, the security of the system depends on separation that will be visible to the user. There will be things that the user will not be allowed to do because of the security policy. What also needs to be researched is the best way to communicate that separation to the user. The KVM switch model, in which the user envisions two separate PCs that have to use network shares to share files, might be the simplest to grasp.

Implementation is still a matter of debate within the company and even within the team.

Today we are going to talk about the VM-based isolation solution.