Dear Dr. Rich:
My name is Steve, I have on a previous occasion sent you another related message. If you responded to this original message I appreciate your reading this message as well. If you did not read the original message then I hope this gives you and your students a second unique opportunity to utilize their extensive skill set.
I am an active open source community member. As a systems engineer for over thirty years, I can appreciate the value in open source software as I am sure you can as well.
Currently my interest lies in the gnu user space software and in the security features enabled in the NaCl/Pnacl environment.
The ability to sandbox Internet based transactions from the hosting system gives it a unique ability to help protect systems users from Internet based attacks.
The rate of attacks from the Internet are increasing in frequency and the collateral damage caused by these attacks are costly in terms of resources to fight them and damage to reputation and costs consumers, governments and organizations. These attacks cost billions.
According to the INFOSEC Institute:
“ Principal security firms which observe and analyze the incidents occurred to their clients have provided estimates of the annual loss suffered by enterprises. Dozens of billions of dollars are eroding their profits. If we extend the effects of cybercrime to government circles, public industry and the entire population, it’s easy to assume that the amount of damage reaches several hundred billion dollars. ”
According to one article on Physorg.com:
“These massive hacks almost always start with a simple email”
Simple Fix isn’t always simple
The simple fix would be to disable HTML links in emails. This would eliminate the primary source of break-ins.
Problem with the simple fix
It totally kills the usefulness of email!
Evolution of the browser has given us a potential fix for this problem. Google has recently eliminated flash and adobe acrobat legacy plugins inside of Chrome. They have replaced this with sandboxed versions of these plugins that run under ppapi which is a sandbox that is related to Google’s NaCl extension.
Taking this a step further
As previously stated the NaCl environment has been engineered to only allow a small subset of code to be executed that is deemed to be safe. Security was the first concern among Google’s designers for this environment.
This provides a unique opportunity to use the NaCl environment to help protect corporate and government networks.
GNU but Not Linux
GNU largely refers to the user space applications that have been built to be used independently of the Linux kernel. They have also been ported to Windows, Mac OSX, BSD, etc.
My original thought was to get enough people together to port the Linux kernel and an entire Linux distribution to work under the NaCl environment. Unlike the use of emulators it would run between 50% and 80% of native code speed.
My idea has evolved
I believe instead that concentration on porting the user space applications to this environment would be a better and more reachable goal.
The applications that I would like to see ported include Evolution email client, Chrome or Firefox, and the already ported PDF viewer.
This will protect corporate and government networks from the root cause of most attacks. (Clicking on an email attachment) while avoiding the problem of getting users to do the some times impossible task of determining the threat level an email link prevents to the corporate network.
Simply allowing them to use the Internet and letting the protected design protect them the ravages of an unsafe Internet would be a much more protective and achievable goal.
To this end the first step is
The first step in this process is to create a build root environment with a dumbed down kernel that is compatible with NaCl which will require extensive knowledge of the Autoconfig tools and the Linux kernel itself.
This will be no easy task and will take the concerted efforts of many highly skilled developers. Which is something I am not.
The help I would like to get from you and your Doctoral/Graduate students
I am hoping to find a large group of skilled developers by bringing this project to the attention of the professors in this area of expertise.
Please let me know if any of your students are looking for a challenging project to work on.
I believe that whoever works on this will earn them selves a huge reputation and will help them set off a career path that will be hard to earn elsewhere.
Thank you for your consideration.