A bootable USB Key for XO/OLPC Virus Scanning

Problem:  The One Laptop Per Child (OLPC) XO Laptop coud get viruses

The XO laptop will be a perfect breeding ground for viruses.  The system is monolithic, with an expectation of identical hardware and operating systems being deployed across entire countries.   IT support is expected to be non-existent.   The machine networks heavily and promiscuously.

The primary defense against the spread of viruses is the built-in BitFrost security system.  This assemblage uses virtual machines to restrict certain combinations of rights and attempts to prevent some of the higher harm viruses from occurring.  One can expect many installations to disable any security measures found burdensome, as occurred with the rights based security in J2EE.

Solution:  Make a bootable, read only, USB key to validate that all installed software is open source.

On the other hand, the OLPC has a few truly special features that allow effective anti-virus software to exist.   All, or almost all, software on an OLPC is expected to be open source.   It becomes reasonable to validate that all possible changes to configurations, applications installed, and binaries from a known list of ‘good’ applications.  While “enumerating badness” is a doomed strategy, enumerating allowed systems is possible.

Consider a repository that keeps track of all known contributed applications and language packs in source form.  An automated script builds these into sugarized files and keeps track of the file system effects from installing these onto virtual machines.   The results are placed onto a self-booting USB key that boots up, examines the file system of the XO, and declares it to be clean or infected.

This does require some tricky programming, mostly in reducing the combinatorially exploding possible configurations into a linearly growing set of rules for allowable configurations.  The problem is engineering, not requiring perfect implementation.

This feels like a good PhD Thesis for someone.