Betrusted OS
An embedded OS for cryptographic devices
Betrusted OS will underpin the Betrusted ecosystem, and will enable secure process isolation. It will be written in a safe systems language - namely Rust - to ensure various components are free from common programming pitfalls and undefined behavior. Unlike modern operating systems that trade security for speed, the Betrusted OS will prioritize security and isolation over performance. For example, it will be a microkernel that relies on message passing and services rather than a monolithic kernel with modules. Unlike other deeply-embedded operating systems, it will require an MMU, and it will support multiple threads per process. This will let us add features such as service integrity and signature verification at the application level.
- The project's own website: https://betrusted.io
Why does this actually matter to end users?
As our lives get more digital every day, we use the internet to have important conversations - both personal and professional. We also store and share more and more sensitive personal data on devices. On the internet you cannot just close the door to talk privately. So we need digital safe spaces, and digital locks and vaults that are just as reliable and easy to use, to store our secrets and mediate our communication.
Recently manufacturers have started to build so-called hardware enclaves or secure elements into their devices that function like a digital safe: even if someone is able to get some software installed into your computer, phone or laptop, they should not be able to immediately access what is in the safe.
But of course, creating a secure space or making a digital safe in an environment you don't really control or understand is practically impossible. All the technical protection no longer matters when someone can invisibly take control or peer over your shoulder, especially since you as a user cannot see for yourself what is happening inside your digital house. A safe and a rogue application can and will look completely identical to a normal consumer, and there is simply no way to distinguish between them based on their outside appearance. Users install many unknown games and applications all the time ("install our app to start getting amazing discounts now!"), and forget that this actually lets more or less random entities run unknown software on the phone that holds some of their most important information. And what if the operating system of your computer or phone itself has an unhealthy interest in your data or metadata, or is so weakly protected that others can just walk in - similar to how unsafe it would feel if your landlord or the janitor were a peeping tom or a thief?
Betrusted is a dedicated open hardware device with the goal to create safe and more easily protected private channels for your communication. The Betrusted device is a complementary device that restricts itself to protecting the things that matter most, like your conversations and phone calls. It will also be able to hold passwords, digital versions of your passport (and other digital credentials and attributes), and whatever sensitive digital information you need to keep completely secure. In this project a custom, minimalist operating system will be written to run on the Betrusted open hardware. The overall approach is security through isolation and simplicity: you can never leave a backdoor open if you don't build a door in the first place. The end result will be a portable, dedicated physical vault isolated from everything else you do, and with a deliberately limited feature set which makes it so much harder to attack.
As a user you can verify everything from top to bottom. The entire design and development of the device is open to the public, from the software it runs down to the silicon that makes up its chips. The result is a transparent, easy to use and secure digital safe that you can actually trust, with a configurable and easily understandable interface you want to use.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.