Secure Applications

  • Question

  • The best way to make secure applications is to modify the Windows OS

    1) All apps need to do memory allocation / deallocation through the Kernel.  ( Where they ask for memory for their app through a kernel interrupt. )

       (So there's no such thing as malloc or dealloc or calloc.)

    2) All program / dynamic_library launch parameters get printed to a *.cfg file in the program directory. (The application gets a handle to that *.cfg file to parse and set internal variables. This prevents command line / *.dll buffer overflow errors.)

    3) All hardware access needs to go through the Kernel, which checks permissions and sends the request to a hardware driver. (So there's no such thing as #include "\lib\StandardIO".)

    4) Maybe the kernel paging sys, creates individual 4K paging files for each app rather than a global paging file. C:\VM\prog_name\page_1 to page_??

    5) Every application installs, in its entirety, in its own directory. (\bin \lib \reg \images \sounds \misc \doc etc. So deleting an app requires nothing more than deleting the application directory. Its registry entries would be in its *\reg directory, which the OS would load and unload dynamically at launch and close.)

    6) The kernel does memory defragmentation every so many user selected intervals, and writes all program allocated memory to zeros when an app exits.

    Saturday, July 14, 2012 2:09 AM

All replies

  • This has nothing to do with using Windows security APIs, the topic of this forum. 

    I suggest you actually use Windows for a few weeks. You seem to think disk IO of multiple small page files has better performance than a big one. Guess you did not notice the reverse is true on Windows during a file copy. There are lots of other big demands that are not worth discussing. You or some trillion dollar investment by programmers in the last few decades? It is very easy to choose.



    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP

    Sunday, July 15, 2012 2:48 AM
  • I'm working on designing my own OS. (Most people or universities or companies fall flat on their faces when it comes to OS hardware interaction.)

    I went on an unsecured Wi-Fi and the hackers wiped out my Windows Vista drive and also the hidden HP recovery drive.

    I took the opportunity as a reason to buy Windows 7 Home Premium, and installed the 64 bit version.

    Since then I've had my computer taken over several times. I've had several of my source code files replaced with different source code or had extra code planted in them.

    The only way to make a secure OS is to double check every "code author's" code for hidden-doors. But if the code goes through 3 check points on its way to final production, you might end up with 3 sets of back-doors in it.

    So I figured the only way to make an app secure, is to force every app to go thru the Kernel to interact with hardware, where the kernel could check permissions before sending the request to a hardware driver.

    The best security method would be to only allow an app to write to its own directory and maybe a global C:\temp\app_name\ directory. Then it can't overwrite Windows *.dll's and other files.

    Maybe forbidding applications to read any of the file system other than their own directory and the global C:\temp\app_name\ directory, would stop hackers from tampering with files.

    Tuesday, July 17, 2012 11:00 PM
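
Added example (not part of the thread and not any participant's code): a lexical write-confinement check for the policy described in the post above, where an app may write only under its own directory and C:\temp\app_name\. The install root `C:\Apps`, the app name `editor` and the sample paths are assumptions constructed for illustration; the check shows why a plain string-prefix comparison is not enough.

```python
import ntpath

INSTALL_ROOT = r"C:\Apps"   # assumed install location; the post names no path
TEMP_ROOT = r"C:\temp"      # from the post: C:\temp\app_name\


def _canon(path):
    # Lexical only: collapse "." / "..", unify separators, fold case.
    # Junctions and symlinks are not resolved here.
    return ntpath.normcase(ntpath.normpath(path))


def allowed_roots(app_name):
    # The app name must be one path component, or the "root" itself
    # could be steered outside the per-app directories.
    if not app_name or app_name in (".", "..") or any(c in app_name for c in '\\/:'):
        raise ValueError("invalid app name")
    return [_canon(ntpath.join(r, app_name)) for r in (INSTALL_ROOT, TEMP_ROOT)]


def may_write(app_name, requested):
    if not ntpath.isabs(requested):
        return False                      # no current-directory tricks
    target = _canon(requested)
    for root in allowed_roots(app_name):
        try:
            # Component-wise comparison, so C:\Apps\editor2 does not
            # match the root C:\Apps\editor as a string prefix would.
            if ntpath.commonpath([root, target]) == root:
                return True
        except ValueError:                # different drive or UNC share
            continue
    return False


# Constructed sample requests for a hypothetical app named "editor".
SAMPLES = [
    r"C:\Apps\editor\doc\notes.txt",
    r"c:/TEMP/Editor/scratch.bin",
    r"C:\Apps\editor\..\..\Windows\System32\kernel32.dll",
    r"C:\Apps\editor2\plugin.dll",
    r"\\fileserver\share\editor\x.txt",
    r"doc\notes.txt",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print("ALLOW" if may_write("editor", p) else "DENY ", p)
```

Because the check is purely lexical, a real enforcement point would have to apply it to the object actually opened, since a junction or symlink inside the app directory can still point elsewhere.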
  • It looks like you want to break backward compatibility for just about every app and driver. Sorry, that is business suicide. I suggest you take a software analysis class.



    Visual C++ MVP

    Wednesday, July 18, 2012 2:42 AM
  • Yes!!

    It's hard to remodel the OS while maintaining backwards compatibility.

    Another problem that's not as noticeable with modern Windows or high speed processors is that the window gets redrawn in its entirety with every object update.

    Back in Windows 3.0 and Windows for Workgroups 3.1, you could set foreground / background processor cycles and SLOWLY watch the window being redrawn again and again for each object in the window. Current Windows does the same thing, but the processor speed makes it hard to see.

    It's the classes and polymorphism that get handed off to the lower objects and repeated, so the whole window gets redrawn for every object within the frame. But that's not really a security issue, it's a clock-cycle waste issue.

    The security issue is: how do outside computers modify a file system or a file on the file system? And what can be done to stop the modifications?

    In my analysis:

    A) If the outside apps can't read the file system, then they don't know which file to alter.

    B) If the outside apps can't read the memory,  then they don't know which memory to alter.

     

     

     

    Wednesday, July 18, 2012 10:32 AM