issues
search
towercomputers
/
toweros
TowerOS: An Operating System for Network-Boundary Converged Multi-Level Secure Computing
https://toweros.org
Apache License 2.0
3
stars
0
forks
source link
Establish and Document Security Model
#106
Closed
adamkrellenstein
closed
10 months ago
adamkrellenstein
commented
10 months ago
Security Guarantees
Firewall
There is zero direct communication between hosts (however there is tunneling for package management).
All communication between the thin client and a host is over SSH and on port 22 (ideally including screen sharing).
All communication between the thin client and a host must originate with the thin client.
No connections to the online hosts may originate from the Internet.
Tunneling from the thin client to the Internet is allowed.
Hardware
Online hosts are connected to an Ethernet switch and a WLAN; offline hosts are connected only to the switch.
Operating System
Reasonable standards; but this is mostly out of scope. (Disable HT; use a hardened Linux kernel; etc.)
Application-Level
All network connections between the thin client and a host) must be directly triggered by user action.
Trusted Computing Base
Tower Tooling
Alpine Linux Base System
Network Drivers
Network Card Hardware
SSH
Screensharing Software
Threat Analysis
Class
Attack
Mitigated
If so, how?
Theft
Theft of Device
Yes
Encrypted root disks
Physical Tampering
Evil-Maid Attack
Optional
Raspberry Pis:
https://www.zymbit.com/
Physical Tampering
Cold-Boot Attack
Optional
Raspberry Pis:
https://www.zymbit.com/
Microarchitectural
RowHammer; RowPress
Yes
Host-Isolation
Microarchitectural
Speculative Execution
Yes
Host-Isolation
Physical Side-Channel
Power Consumption (
https://www.hertzbleed.com/
)
Optional
Disable DVFS
Physical Side-Channel
Acoustic Emissions
No
Physical Side-Channel
Electromagnetic Radiation
No
ouziel-slama
commented
10 months ago
https://towercomputers.github.io/tower-tools/security/
Security Guarantees
Firewall
Hardware
Operating System
Application-Level
Trusted Computing Base
Threat Analysis