In response to the Perspectives column written by Charles Cooper, "":
Very interesting article. I agree with your assessment but would also offer these observations.
You can't solve security (problems) until you start talking about establishing root trust and then a subsequent chain of trust.
Current architectures do not support advance security requirements like protection ID and compartmentalization (Itanium does support this).
Current general-purpose operating systems are designed for portability, not security. They lack a defense-in-depth strategy and they do not leverage four levels of privilege.
Finally, and perhaps most importantly, security must be comprehensible; currently there are millions and millions of lines of code that run at privilege level zero and any network IO driver can install malicious code at PLO and take over the system.
What is needed is a new secure operating system that complements current general-purpose operating systems. Until that happens, it's all talk.
Peter J. Cranstone
CEO, Secure64 Software Corporation