Sealed systems
Sealed systems are computer systems that are designed to be supplied as a sealed unit. The major benefits are security, reliability, ease of installation and upgrade, and a locked-down configuration in which users can't make changes that would compromise the integrity of the system. Many techniques may be used to build a sealed system. One obvious approach is custom hardware, but this can be expensive.

The term sealed systems was coined by Tailored Computers in Portland, Oregon. Their goal was to build sealed systems using inexpensive, off-the-shelf PCs. Their design takes advantage of features of the Linux operating system.

Properly designed sealed systems are highly resistant to attack. All programs and static data are placed in immutable storage, where they can't be modified and where new programs and data cannot be added. Data that must be changed, such as configuration data and user data files, is kept in mutable storage. Any attacks that seek to modify programs or plant additional files in immutable storage will fail.

Attacks that try to modify data in mutable storage are possible. However, well-designed sealed systems will prevent programs from executing from mutable storage and they won't put system-critical configuration data in mutable storage.
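
The two storage rules above can be checked on a Linux system by auditing its mount table. The following is an added example, not code from Tailored Computers or from the original article. It assumes that immutable storage is mounted with the ro option and that execution from mutable storage is blocked with the noexec mount option; the PSEUDO and CRITICAL lists and the sample mount table are constructed for illustration.

```python
import re

# Kernel pseudo-filesystems that hold no stored files (assumed skip list).
PSEUDO = {"proc", "sysfs", "devpts", "cgroup2", "securityfs"}
# Paths assumed to hold programs or system-critical configuration.
CRITICAL = ("/", "/usr", "/etc", "/boot")
# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE = """\
/dev/sda1 / squashfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /data ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /etc ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def parse_mounts(text):
    """Parse /proc/mounts-format text into (mountpoint, fstype, options)."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes spaces in mount paths as octal escapes (\040).
        mnt = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((mnt, fields[2], set(fields[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Return the mount a path lives on: longest mountpoint, later entry wins."""
    best = None
    for m in mounts:
        prefix = m[0].rstrip("/") + "/"
        if (path + "/").startswith(prefix) and (best is None or len(m[0]) >= len(best[0])):
            best = m
    return best

def audit(text, critical=CRITICAL):
    """List violations of the immutable/mutable storage split."""
    mounts, findings = parse_mounts(text), []
    for mnt, fstype, opts in mounts:
        # Rule 1: storage that can be written must not allow execution.
        if fstype not in PSEUDO and "rw" in opts and "noexec" not in opts:
            findings.append(f"{mnt}: writable and executable ({fstype})")
    for path in critical:
        # Rule 2: programs and critical configuration must sit on read-only storage.
        m = covering_mount(path, mounts)
        if m and "ro" not in m[2]:
            findings.append(f"{path}: critical path on mutable storage ({m[0]})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The noexec option blocks direct execution of files on that mount; a script passed as an argument to an interpreter that lives in immutable storage is still read and run, so this check covers only the mount-level part of the design.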

The segregation of programs and data into immutable and mutable storage makes some operations, such as backing up data, easier. The system can be easily backed up just by backing up all of mutable storage.
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 