Bitmessage components security seclusion example

Feb 16 01:05 [raw]

Real implementation would be a bit more complex, but this gives the general idea. Every part of the codebase that deals with privileged data is sandboxed by itself and can't communicate with the other parts of the codebase. Instead, each component runs a local server where direct sockets share information to cop functions, that filter it and either drop or forward to the other component's server. For instance, bitmessage has its API. In this regime, the cryptography would be a separate API - the inventory would be a separate API - the message storage would be a separate API. None of these APIs can connect to each other, because on startup random keys are generated for each API, and they can only connect to a parent function, the cop function, that filters every request, checks permissions, enforces security rules, and prevents malformed or maliciously transformed data from moving between APIs. Each API is cryptographically (socket keys) and systemically (OS, virtualenv, firefail) sandboxed to its domain, and can't break out. Ergo, your data can't break out. On top of this, the "secure station" idea proposed could separate some of these privileges to the other side of a serial port with hardware cops and code cops on both sides of the serial port. Until we have serial ports separating the components, functional walls and filters can be built between them. One could even use iptables and SELinux to further secure connections between APIs and their code cops. <br /> <br /> <img src="data:...">

[chan] Crypto-Anarchist Federation

Subject Last Count
cnf Mar 19 15:18 1
get on bitboard Mar 19 14:28 1
disabling onion page Mar 18 20:43 1
Hardware trojans... Mar 17 05:16 27 Mar 17 04:54 5
warning Mar 16 06:28 2
The Transgender Assualt on the Creator of JavaScript Mar 15 19:09 1
The Corbett Report - The Bitcoin Psyop Mar 15 18:33 1
bitboard Mar 15 07:52 7
RIP Stephen Hawking - I'll miss your brillance, honnesty, clarity, truths & heart. Mar 15 00:42 5
A cool study from a Cryptech contributor seen today : Improving Master Key storage in military grade crypto-anarchist Crypto-Devices. Mar 13 22:46 2
Crypto-Anarchist "Paris Bitcoin Tech Meetup" in Paris - Preliminary organisational meeting next wednesday in "Jack" Hackerspace in Jardin d'Alice - Montreuil (Paris). Mar 12 18:35 1
Red Ice Radio Mar 10 20:41 1
How to run Bitmessage in a secure Linux and Firejail sandbox Mar 10 20:08 1
Looking for some TOR bridges Mar 7 14:44 7
xiphos Mar 6 20:56 8
#crypto-anarchist-federation chan was created on ! Mar 3 20:17 3
C.N.F. Mar 3 04:03 2
They never forgive. Mar 2 21:30 1
Compression discovery Mar 2 14:21 4
Compress Random Data Mar 2 05:19 5
Crypto-Anarchist tip to escape state sandboxing of your internet access when installing new software or doing fresh installs of OS's from ISO disk images downloaded from the internet Feb 28 16:34 3
security/cryptography Feb 28 15:54 1
Sigh... Feb 28 00:31 1
Integrated Circuits (ASICs) and FPGA "lab attack" Trojan Detection using IC fingerprinting. Feb 25 11:13 1
Tor / Proxychains is leaking my hostname Feb 23 08:31 2