Researchers get funding to build new secure OS

Researchers get funding to build new secure OS

Summary: Researchers at the University of Illinois at Chicago have received a $1.15 million grant from the National Science Foundation to build a new, secure computer operating system.


Researchers at the University of Illinois at Chicago have received a $1.15 million grant from the National Science Foundation to build a new computer operating system based on virtual machines and the concept of isolation.

The new OS project, called Ethos, is the brainchild of UIC associate professor Jon A. Solworth (right) an associate professor in UIC's department of computer science.  Daniel Bernstein, the noted cryptographer behind djbdns, is helping to secure the operating system.

Ethos, which is billed as an OS based on the Xen hypervisor, is being created with security as the trump card.   At its core, the new OS will run on VMs that run one or more operating systems together, like Windows and Mac.

Older applications written for those OS systems where security is not a big issue, like games, will continue to work, but new OS like Ethos will simultaneously handle applications such as online banking and other sensitive business transactions as part of the evolution to tomorrow's more secure operating systems.

Solworth explains a bit more:

Since VMs allow multiple OS to run on a computer, it is no longer necessary to choose one OS; multiple OSs can be used simultaneously. Hence, one significant application can justify running an OS. Second,

the VM provides an abstract hardware architecture which is far simpler then the vast variety of computers extant. The drivers for the real hardware are provided by the VM. We are using Xen as our VM because we believe it is a good security architecture on which to build an OS.

Solworth's group is now looking for kernel hackers to help build out the architecture.

The news of funding for Ethos comes just days after virtualization security specialist and renowned rootkit researcher Joanna Rutkowska (right) released an early version of Qubes, a new open-source operating system based on Xen, X Window System, and Linux.

Qubes OS relies on virtualization to separate applications running on the OS and also places many of the system-level components in sandboxes to prevent them from affecting each other.

The Qubes OS architecture is described in this PDF document.

Topics: CXO, Hardware, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • This is peanuts

    One smallish research group getting a little over
    a million dollars is tiny. A few developer years
    at best. The group is no doubt good and will
    probably produce useful results, but this is a
    tiny effort for a global issue.
    • It's also just a start...

      If the group seems to be making good - I'm sure more funds will roll in. You don't look to start a project and allocate EVERYTHING. You give them a budget and see how they work and what they produce. If it's good, you keep feeding the beast. If, in two years, you have lots of pretty offices and no code - you cut your losses.

      Seems to be the right approach, no?
      • Or this could be it.

        Unless something is said like "if you meet milemarks A B and C we'll provide X additional funds", nobody can know for sure.
        • Just as you guys are saying...

          you never know. It was, after all, the same University of Illinois system (only at Urbana-Champaign) that gave the world the Mosaic web browser, thus fulfilling Berners-Lee's vision for a truly ubiquitous World Wide Web.

          Well, beyond those old go-to's of Gopher, Usenet, and FTP. ;)
          • Global system - big budget?

            What is it that makes a global system need a global budget? Mainly, I suspect, the need to fend off large numbers of placeholders who need to justify their existence by demanding function or test proofs which are not needed, or insisting that their favourite language/platform is needed. Many of the world's best inventions have been developed on a shoestring, and were/are long-term successful. How much does it cost to hire a versy small number of people with the right ideas?
  • Please Please Hyper V Type 2 for Desktops

    We all need a ("desktop option" to run type 2 Hyper V with a
    hot key option) to switch between each OS. Of course each OS
    could be running various task as the server Hyper V's do. The
    user gets to choose as mentioned which desktop Hyper V
    environment they want to be in by hitting a custom key.

    After looking all over for one such solution I found nothing
    was available and only for servers. Server 2008 doesn't count
    in such a scenario as a true type 2 Hyper Visor for a desktop
  • OpenBSD

    I thought we already had a secure operating system.

    Why isn't Theo de Raadt involved?
  • A secure OS?

    Now why didn't anyone think of creating a secure OS before these researchers? Good thinking, guys. And good luck :-)
  • If it is built it will be cracked!

    They thought virtual machines were safe but they have been cracked according to an earlier article. So how is this going to be any different?
  • XenSource

    Just another waste of taxpayer dollars (ever heard of XenSource, XenServer). Must be going to some politician's friend who doesn't want to work for a living and lives off our dime.
  • RE: Researchers get funding to build new secure OS

    I'm thinking I might do a dual boot on my laptop with win7 and google chrome. Depending on how secure chrome ends up being. Half of the security just comes from having an OS that you only use for banking and finance and then your win7 OS to play on and get infected without effecting the other OS. Am I right, or does having the two OS's on the same hard drive mean that win7 would be able to infect chrome?
  • A new OS - happens every day

    At least one college or university displays a new OS
    every day. (World Wide)
    Some eventually catch on but there are a lot of new OS's
    and lots of new features.
  • Hasn't it ever occurred to anyone ...

    ... that the only truly secure OS has no user? Think
    about it - Most of the current exploits for pretty
    much any OS are all based on social engineering of one
    sort or another. Today's goal is to get the (l)user to
    click on something so that the malware can install. The memory of those heady days of remotely hacking a
    system or doing drive-by installs from a hacked
    website are fast fading into the dim and pleasant
    recesses of our memory. Hacking just isn't what it
    used to be.

    The conclusion is completely inescapable: You *must*
    eliminate the user in order to properly secure the OS.
    Anything else is just madness.


    Steve G.
  • RE: Researchers get funding to build new secure OS

    This new OS sounds like a discussion I had with friends some
    years ago.

    Create a bullet-proof kernel.
    Wrap it in a VM layer that creates a "sandbox" for every
    program, whether OS or app.
    Sandboxes can pass data back and forth for interoperability.
    Stealing from Linux: no app file or system changes can be made
    without the SUDO password, preventing drive-by downloads and

    If malware (virus, trojan, etc) actually infects the OS or app,
    a popup notifies the user of the problem, saves any open files
    from that sandbox, closes and re-opens the sandbox.

    The app or OS re-opens using the prior-to-infection version and
    NO changes made by the infection are retained.

    The file that had been saved is re-opened and the user continues
    their work.
  • RE: Researchers get funding to build new secure OS

    Sounds an awful lot like OpenSolaris with Trusted Extensions and Virtualbox / xVM to me. Perhaps based on the limited funds they've received that might not be a bad place to start?
  • RE: Researchers get funding to build new secure OS

    Great!!! thanks for sharing this information to us!
    <a href="">sesli sohbet</a> <a href="">sesli chat</a>