Re: Small codebase as a prerequisite for security

12 Feb 2016

      On Thu, Feb 11, 2016 at 8:20 PM Peter Gutmann 
wrote:
...
Sean Lynch  writes:
...
I'm not talking about raw size or complexity here; obviously having lots
of
features and support for lots of devices means high complexity, but it
doesn't
require that all that complexity run with full system privileges.
XKCD is, as usual, most apropos here:
https://www.xkcd.com/1200/
A huge amount of embedded stuff doesn't even have a kernel mode, because
its
irrelevant (or, if the hardware does actually support two different modes,
everything is run in the highest-priv'd mode).  Either the system is
robust/secure/reliable or it isn't, whether there's a kernel/user split is
irrelevant.
Obviously on a device with no MMU or supervisor mode everything running on
it is your trusted computing base.

Security is not binary.