Sealed Systems

Sealed systems are computer systems that are designed to be supplied as a sealed unit. The major benefits are security, reliability, ease of installation and upgrade, and locked down so users can't make changes that would compromise the integrity of the system. Many techniques may be used to build a sealed system. One obvious approach is custom hardware but this can be expensive.

The term sealed systems was coined by Tailored Computers in Portland, Oregon. Their goal was to build sealed systems using inexpensive, off-the-shelf PCs. Their design takes advantage of features of the Linux operating system.

Properly-designed sealed systems are highly-resistant to attack. All programs and static data are placed in immutable storage where they can't be modified and new programs and data cannot be added. Data that must be changed, such as configuration data and user data files, is kept in mutable storage. Any attacks that seek to modify programs or plant additional files in immutable storage will fail.

Attacks that try to modify data in mutable storage are possible. However, well-designed sealed systems will prevent programs from executing from mutable storage and they won't put system-critical configuration data in mutable storage.

The segregation of programs and data into immutable and mutable storage makes some operations, such as backing up data, easier. The system can be easily backed up just by backing up all of mutable storage.

Famous quotes containing the words systems and/or sealed:

    Our little systems have their day;
    They have their day and cease to be:
    They are but broken lights of thee,
    And thou, O Lord, art more than they.
    Alfred Tennyson (1809–1892)

    These things are not inscribed in tablets, not sealed in the folds of papyri, but you hear them clearly from the tongue in a free mouth.
    Aeschylus (525–456 B.C.)