Sealed Systems

Sealed systems are computer systems that are designed to be supplied as a sealed unit. The major benefits are security, reliability, ease of installation and upgrade, and a locked-down configuration in which users can't make changes that would compromise the integrity of the system. Many techniques may be used to build a sealed system. One obvious approach is custom hardware, but this can be expensive.

The term sealed systems was coined by Tailored Computers in Portland, Oregon. Their goal was to build sealed systems using inexpensive, off-the-shelf PCs. Their design takes advantage of features of the Linux operating system.

Properly designed sealed systems are highly resistant to attack. All programs and static data are placed in immutable storage, where they can't be modified and where new programs and data cannot be added. Data that must be changed, such as configuration data and user data files, is kept in mutable storage. Any attacks that seek to modify programs or plant additional files in immutable storage will fail.

Attacks that try to modify data in mutable storage are possible. However, well-designed sealed systems will prevent programs from executing from mutable storage and they won't put system-critical configuration data in mutable storage.
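
The following check is an added example, not part of the original article or of any vendor's design. It audits a Linux mount table for the property described above, assuming immutable storage appears as read-only (`ro`) mounts and mutable storage as read-write mounts that should carry the `noexec` option; the sample mount table and the pseudo-filesystem skip list are constructed for illustration.

```python
# Added example: audit a mount table for the sealed-system storage split.
# Assumption: immutable storage = mounted "ro"; mutable storage = mounted "rw"
# and expected to carry "noexec" so programs cannot run from it.

# Pseudo-filesystems that hold neither programs nor user data (assumed skip list).
PSEUDO_FS = {"proc", "sysfs", "devtmpfs", "devpts", "cgroup2", "securityfs"}

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / squashfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def parse_mounts(text):
    """Yield (mountpoint, fstype, set_of_options) for each mount table line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        yield fields[1], fields[2], set(fields[3].split(","))

def audit(text):
    """Return (immutable, mutable, violations) lists of mount points."""
    immutable, mutable, violations = [], [], []
    for mountpoint, fstype, opts in parse_mounts(text):
        if fstype in PSEUDO_FS:
            continue
        if "ro" in opts:
            immutable.append(mountpoint)
        else:
            mutable.append(mountpoint)
            # Writable storage that permits execution breaks the sealed model.
            if "noexec" not in opts:
                violations.append(mountpoint)
    return immutable, mutable, violations

if __name__ == "__main__":
    immutable, mutable, violations = audit(SAMPLE_MOUNTS)
    print("immutable:", immutable)
    print("mutable:  ", mutable)
    for mp in violations:
        print(f"VIOLATION: {mp} is writable but allows execution (missing noexec)")
```

On a live Linux system, pass the contents of `/proc/mounts` to `audit()` instead of the sample.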

The segregation of programs and data into immutable and mutable storage makes some operations, such as backing up data, easier. The system can be easily backed up just by backing up all of mutable storage.
