Sealed Systems

Sealed systems are computer systems that are designed to be supplied as a sealed unit. The major benefits are security, reliability, ease of installation and upgrade, and locked down so users can't make changes that would compromise the integrity of the system. Many techniques may be used to build a sealed system. One obvious approach is custom hardware but this can be expensive.

The term sealed systems was coined by Tailored Computers in Portland, Oregon. Their goal was to build sealed systems using inexpensive, off-the-shelf PCs. Their design takes advantage of features of the Linux operating system.

Properly-designed sealed systems are highly-resistant to attack. All programs and static data are placed in immutable storage where they can't be modified and new programs and data cannot be added. Data that must be changed, such as configuration data and user data files, is kept in mutable storage. Any attacks that seek to modify programs or plant additional files in immutable storage will fail.

Attacks that try to modify data in mutable storage are possible. However, well-designed sealed systems will prevent programs from executing from mutable storage and they won't put system-critical configuration data in mutable storage.

The segregation of programs and data into immutable and mutable storage makes some operations, such as backing up data, easier. The system can be easily backed up just by backing up all of mutable storage.

Famous quotes containing the words systems and/or sealed:

    The only people who treasure systems are those whom the whole truth evades, who want to catch it by the tail. A system is just like truth’s tail, but the truth is like a lizard. It will leave the tail in your hand and escape; it knows that it will soon grow another tail.
    Ivan Sergeevich Turgenev (1818–1883)

    Retreat was out of hope,—
    Behind, a sealed route,
    Eternity’s white flag before,
    And God at every gate.
    Emily Dickinson (1830–1886)