Profile shot: SKPP snapshot
The Protection Profile for Separation Kernels in environments requiring high robustness is starting to get a lot of attention. What is it? What is it about? What can it do for me?
If you're the average Joe, it's probably not going to mean much to you until products for information assurance and seals for conformance / validation start becoming popular. When that starts to happen, you'll want to see it on your bank's web-site, at the dentist's office, and over the door for your company's IT department. What the SKPP, or Protection Profile for Separation Kernels, is, is a document that describes the things a kernel must do in order to provide separation between instances of software in containers called partitions, and provide absolute control over any data flowing between any two of these partitions.
Reading papers about the SKPP and what it is (is it a golden standard of standards?), some papers make it sound like a separation kernel can remove the need for firewalls and virus scanners, preventing hackers and unauthorised code from ever accessing a system. While an SKPP may indeed help limit the scope of damage such activities could cause, the intention of an SKPP is to define a foundation of software upon which a secure system-of-systems can be created. This foundation's purpose is to create partitions in which software systems may run, secure from the effects of all other software systems running in all other partitions defined in the system-of-systems.
If this sounds complex, it can be very complex - but for anyone with experience with children, it can be summed up with one simple phrase: "GO TO YOUR ROOMS!" When Parent A has "had enough" and the kids won't settle down, the edict is often issued: separate yourselves, cease touching each-other, and sit in silence "in your own cave" until you can behave.
In this light, an SKPP can be seen as a set of rules for building foundations upon which you may build separate rooms for each child, with processes built-in to provide for safe communication between rooms where it is desired. There are rules for if, when, and how the contents of one room may interact with others. And there are provisions for inspecting to be sure the rooms will work as specified.
What is the SKPP for, and why was it concieved?
Traditional systems handled secure data by creating a separate set of systems for each "level" of security / data being handled. For instance you might have a network for public data, and networks for secret, and top-secret data. To handle these 3 classifications of data, you would have 3 completely different networks of computers, and the data was kept separate by making sure none of the systems connected across classifications. They were kept separate by visible spaces of air between systems - "air gaps". Occasionaly there were speical computers connected between the air-gaps, that allowed for data to be "re-classified" for sharing with one of the other levels of security.
The SKPP defines methods for implementing software that implements the software equivalent of these air gaps, as well as methods for implementing the "services" that run between air-gaps. It also defines methods for testing these systems to certify that they do what they're supposed to do.
Is the SKPP the golden standard for security? In a way it is, but not to the point of making firewalls and virus scanners obsolete. It is the golden standard for moving ahead, replacing multiple legacy systems with single smaller, lighter, more capable modern computers.