http://opensource.dyc.edu/tinhat
Latest version: 20081025
Tin Hat is a hardened distribution based on Gentoo that runs entirely in memory, aiming to provide a very secure, stable and fast desktop environment. Tin Hat boots from CD or from a USB stick, but it is not a LiveCD: it does not mount unionfs or any other file system from the CD. Instead, Tin Hat is a huge image (about 2.3 GB) that is loaded into tmpfs at boot. The price is a long boot time (5 minutes from CD, 2 minutes from USB stick), but once booted, programs run without having to go back to the CD. Without doubt, these extreme advantages and disadvantages make Tin Hat a rather special distribution.
It needs more than 4 GB of RAM. Truly a Linux for madmen!!!
Tin Hat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM. Tin Hat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, Tin Hat is a massive image (approx. 2.3 GB) which loads into tmpfs upon booting. One pays the price of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwards is that there are no delays going back to the CD when starting applications. Needless to say, this has some rather extreme advantages and disadvantages, making Tin Hat a rather particular distribution.
Tin Hat was conceived as a challenge to the old mantra that physical access to a system means full access to the data. This is certainly true in the case of unencrypted file systems, and at least potentially true in the case of encrypted ones. Rather, Tin Hat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box --- either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell whether he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. Tin Hat is a baby step in that direction.
Even before sitting down and thinking of the technologies one could use for such a project, other considerations pop up. Obviously if the user is able to get to the data, then in principle so can others. These issues impinge on the user's social situations: What happens if the user walks away from a running system where he is logged in? A classic problem. What happens if he is coerced into letting the adversary in while the system is up? If the user is uneasy keeping his personal files in RAM, he may want to back them up to encrypted drives. Then the window of a "coercive attack" extends beyond the uptime of the system. What if the user is watched via a secret surveillance camera? What about a hardware keylogger? Or a microphone listening to the unique sounds of keystrokes on a keyboard? How deep does the rabbit hole of paranoia go?
Let's set aside the social engineering attacks for now and focus on the major technological obstacles. Recent advances in cold boot attacks, where data in RAM (such as encryption keys) can be retrieved even after a system reboot, have put our goal even further beyond reach. Utilities like msramdmp can be used to dump the entire tmpfs root file system of Tin Hat for forensic analysis. The situation seems bleak, but this just gives us the opportunity for more clever ways of encrypting/hiding data in RAM itself --- at least until hardware solutions come along. This is clearly the direction in which we would like to develop Tin Hat, but we must admit that we are stumped. No matter how many layers of encryption we add, we cannot avoid keeping a clear key somewhere in RAM.
Of course, the ideal that "physical access == zero information loss" would be useless if Tin Hat didn't also protect against the more familiar network/code-borne exploits. For this we employ GRSEC/PaX technology, a reliable security solution already integrated into a major Linux distribution by the Hardened Gentoo Project. Since Tin Hat provides a Gnome Desktop running on top of X, some compromises in security had to be made; however, these are noted so that the user is aware of their existence. Little can be done on generic hardware; however, we have found that on specific motherboard/video chipset combinations, hardening features which would otherwise break X can be enabled. For this reason, we not only provide polished ISO images for immediate use, but also our "cookers," VMware virtual machines which we use to make the ISOs.
Finally, Tin Hat has a secondary goal. Since we are running purely in RAM, Tin Hat is fast! If "Zero Information" is one subtitle that we can append, another would be "a Glorious Waste Of RAM". Tin Hat requires about 4 GB to run comfortably: 3 GB for the tmpfs root file system and 1 GB for paging. If one wants to further reintroduce Gentoo's portage system and/or the kernel source tree, 4 GB becomes a very tight squeeze. Forget adding any more software after that, which leads to the paradoxical situation: why else would you reintroduce the portage/kernel trees if you don't plan to add any new software? Although we provide an i686 release, in our lab we run the amd64 version on 8 GB boxes in which we reintroduce portage/kernel and add the entire Open Office suite. One gets spoiled when one's word processor pops up in mere seconds!
We distribute Tin Hat as prebuilt ISO images and as VMware virtual machines which can be used to "cook" the ISOs. We recommend the former for users and the latter for developers. The ISOs can be burned to CD, or with our scripts, can be put onto a pen drive. The ISOs are almost identical copies of the cookers except that the logs are cleaned out and the OpenSSH keys are removed.
System Requirements
Tin Hat should run on most hardware that is supported by Linux. However, owing to its heavy need for RAM we recommend at least 4 GB of DDR2.
We have tested both the i686 and amd64 releases on the following systems:
1. VMware
   * Memory: 4 GB
   * CPU: One or two processors. Both 32- and 64-bit tested.
   * Video: VMware SVGA II PCI Display Adapter
   * SCSI: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI
   * NIC: Intel Corporation 82545EM Gigabit Ethernet Controller
   * Both SCSI and IDE CD-ROM tested.
   * Various combinations of zero or more IDE and SCSI hard drives
2. AMD system
   * Memory: 8 GB == 4 x OCZ SLI-Ready Dual Channel 4096MB PC6400 DDR2 800MHz
   * CPU: AMD Athlon(tm) 64 FX-62 Dual Core Processor
   * Motherboard: Asus M2N32-SLI Deluxe
   * Video: 2 x e-GeForce 7900 GTX
   * IDE CD-ROM
   * Zero to six SATA drives. Tested software RAID0 to RAID5 configurations.
3. Quad Core 2 system
   * Memory: 8 GB == 4 x OCZ SLI-Ready Dual Channel 4096MB PC6400 DDR2 800MHz
   * CPU: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz
   * Motherboard: Asus P5N32-E SLI Plus
   * Video: e-GeForce 8600 GTS
   * SATA CD-ROM
   * Zero to four SATA drives
4. Quad Core 2 system
   * Memory: 8 GB == 4 x Corsair Dual Channel TWINX 2048MB PC6400 DDR2 800MHz E.P.P.
   * CPU: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz
   * Motherboard: EVGA nForce 680i SLI
   * Video: e-GeForce 8600 GTS
   * SATA CD-ROM
   * Zero to four SATA drives
Download links:
i686
http://opensource.dyc.edu/pub/TinHat/images/th-i686-20081025.iso
http://opensource.dyc.edu/pub/Ti ... 0081025.iso.torrent
AMD64
http://opensource.dyc.edu/pub/TinHat/images/th-amd64-20081025.iso
http://opensource.dyc.edu/pub/Ti ... 0081025.iso.torrent