The first verifiable operating system

Mar 27, 2007 14:10 GMT  ·  By

Windows Seven is the successor of Windows Vista, planned for availability in 2009. That much is certain; anything else is pure rumor. With Microsoft gagging every channel of communication related to Windows Seven, all we are left with is speculation. In this regard, I thought I would elaborate just a tad on security expert Joanna Rutkowska's Verifiable Operating Systems theory.

What is the next step in operating system security? And let's think beyond Windows Vista for a minute. No, it is not PatchGuard, or GS, or ASLR, or mandatory driver signing. It is a verifiable operating system. What are the chances that the successor to Windows Vista will be such a verifiable OS?

Well, let's look at what Microsoft has done so far regarding operating system security, focusing mainly on Windows Vista. First off, the Redmond company has redesigned Windows down to its core, or code for that matter. Vista is a radically different operating system from its predecessors and is closer in lineage to the Windows Server products. Vista is also a complete product of Microsoft's Security Development Lifecycle, guaranteeing a superior level of security.

Microsoft has also added a completely rewritten network protocol stack, moving toward IPv6. Among Vista's lines of defense, Microsoft implemented Address Space Layout Randomization (ASLR), which randomizes the layout of the address space to frustrate memory manipulation attacks. Buffer Security Check (GS) stack protection is also in place to protect stack variables from overflows and, by extension, from arbitrary code execution. User Account Control, although not a security feature, ultimately ends up adding protection to the operating system.

The flaw in all these technologies and mechanisms? They have been proven to fail: every one of them has been bypassed, hacked or cracked. Continuous updating and patching is a solution, but could Windows Seven resolve this perpetual face-off?

Well, as a matter of fact, it could. By making Windows Seven a verifiable operating system, Microsoft would have a lot to gain in terms of security, perhaps even parity with Linux and Mac OS X. What would Microsoft have to do? Nothing much: just implement a sound static code analyzer.

This "does not require any dramatic changes to the OS, is to make use of so-called sound static code analyzers to verify all sensitive code in OS and applications. The soundness property assures that the analyzer has been mathematically proven not to miss even a single potential run-time error, which includes e.g. unintentional execution flow modifications. The practical analyzers always consider some superset of all possible execution flows, which is easy to compute, yet may introduce some false alarms and the whole trick is how to choose that superset so that the number of false positives is minimal," Rutkowska revealed.
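As an added illustration (not code from Rutkowska or Microsoft), here is a toy sound static analyzer of the kind she describes: it abstracts every variable to an integer interval, analyzes both arms of every branch (a cheaply computed superset of the real execution flows), and reports any array index it cannot prove in range. Soundness shows in the first constructed sample program and the cost of the superset in the third, where an always-safe program still trips a false alarm because intervals cannot express that i + j is constant. The mini-language and sample programs are constructed for this example.

```python
def join(a, b):
    """Smallest interval covering both a and b: used where control flow merges."""
    return (min(a[0], b[0]), max(a[1], b[1]))

def eval_expr(expr, env):
    """Over-approximate int / variable / (op, lhs, rhs) as an inclusive (lo, hi)."""
    if isinstance(expr, int):
        return (expr, expr)
    if isinstance(expr, str):
        return env[expr]
    op, lhs, rhs = expr
    (lo1, hi1), (lo2, hi2) = eval_expr(lhs, env), eval_expr(rhs, env)
    if op == "+":
        return (lo1 + lo2, hi1 + hi2)
    if op == "-":
        return (lo1 - hi2, hi1 - lo2)
    raise ValueError(f"unsupported operator {op!r}")

def run(program, env, buf_len, warnings):
    """Abstractly execute statements; warn on any buf[expr] not provably in [0, buf_len-1]."""
    for stmt in program:
        kind = stmt[0]
        if kind == "input":                  # ("input", var, lo, hi): untrusted value
            env[stmt[1]] = (stmt[2], stmt[3])
        elif kind == "assign":               # ("assign", var, expr)
            env[stmt[1]] = eval_expr(stmt[2], env)
        elif kind == "branch":               # ("branch", then_body, else_body)
            # Condition not modelled: both arms analysed and joined (superset of real flows).
            a = run(stmt[1], dict(env), buf_len, warnings)
            b = run(stmt[2], dict(env), buf_len, warnings)
            env = {v: join(a[v], b[v]) for v in a if v in b}
        elif kind == "index":                # ("index", expr): reads buf[expr]
            lo, hi = eval_expr(stmt[1], env)
            if lo < 0 or hi >= buf_len:
                warnings.append(f"buf[{stmt[1]!r}] may be out of range [{lo}, {hi}]")
    return env

def analyze(program, buf_len):
    """Return the potential out-of-range accesses; an empty list means verified."""
    warnings = []
    run(program, {}, buf_len, warnings)
    return warnings

# Constructed sample programs; buf has 16 entries, so valid indexes are 0..15.
EXPLOITABLE = [("input", "i", 0, 255), ("index", "i")]          # must be reported
SANITIZED = [("input", "i", 0, 255),
             ("branch", [("assign", "i", 0)], [("assign", "i", 15)]),
             ("index", "i")]                                     # verified safe
FALSE_ALARM = [("input", "i", 0, 15), ("assign", "j", ("-", 15, "i")),
               ("index", ("+", "i", "j"))]   # i + j is always 15, yet flagged
```

Running `analyze(prog, 16)` on the three programs yields one warning, none, and one warning respectively; the third is the false positive a real analyzer would need a relational domain to discharge.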

The sound static code analyzer would control and analyze all the code headed for the Windows Seven kernel, and drivers would be digitally signed only after passing static evaluation and validation. Some may argue that a compromise of the private certification key used for validation would be the end of the verifiable OS, but multiple, updatable keys would address this.