One interesting project that I saw recently was the Mempo project, headed by the illustrious Debian team. More and more projects are springing up lately, in the post Snowden era, security is of high concern for many users. Tools, such as proxy servers, SSH tunnelling, and decentralized browsers such as the infamous Tor browser all try to maintain privacy in the interests of users. Trust is always an issue, and having Debian at the help of Mempo should show some interest in the favor of the user, rather than that of corporate interest. The Mempo project has the ultimate goal of being the “most secure and yet comfortable out-of-the-box Desktop and Server computer, for professionals, business, journalists, and every-day users avoiding PRISM-like spying.”
Although the project is still in a very early pre-alpha stage, the code and software stack is readily available for testing. Code review is still in progress, though you can review the source code yourself for closer inspection. Mempo is trying it’s best to help protect unsuspecting users from hardware level attacks, root-kits, cold-boot, hacking NIC PCI cards, bugs in e.g. Xen, fire-wire attacks, and more.
The structure of Mempo follows a hierarchical pyramid structure, placing Memp in-between the OS layer and Virtual layers and on down the line. Mempo makes use of several other pieces of software to pull all the necessary pieces together to create the feature list they present. Mempo even goes as far as reaching into user applications, allowing users to preconfigure them for best security practices.
Mempo’s layers are fairly stacked, with several software pieces filling each layer. Coreboot with a hardened Read-Only boot+MBR handles the first layer with the Grsecurity+PAX (instead of SELinux) and custom patches handling the Kernel process. Full root encryption takes over with a hidden filesytem, with one-time, PIN, USB-key passwords and a patched display server. Then comes the Mempo manager, allowing creation of VMs, isolated users, and management of the Mempo ecosystem. In the VM space, the Xen prject and Qubes OS drive this creation and management. When it comes to networking, the highly profile Tor network is made use of, as well as Freenet, I2P, VPNs, all stackable and configurable.
Mempo takes security quite seriously, taking full advantage of known technologies such as PGP, Multi-Crypt, and secure random generators with entropy. You can compare security cases yourself on the Mempo project page. The Mempo name derives from its dictionary definition concerning types of facial armor worn by the Samurai class during feudal Japan.
The Mempo source code is available now on GitHub. Again, please keep in mind this is only a pre-alpha release, and is in the very early stages of development. As it stands today, the project is a mere 15% complete, but already much has been done. It must be said that Mempo, especially at this point is meant mostly for advanced users, although any one is free to tackle the early project of course. The Mempo team tells us in the near future, a distro/repo will be available for a much easier installation. You can however install the Mempo software stack on top of Debian stable for a similar experience.
The team has a call out for aspiring users to debug code, evangelicalism, or even donations. If you wish to contact the Debian team behind Mempo, the Contact section has many ways you can get in touch with them. Installation wasn’t too teeth-grating in my experience, but I am just getting to the early stages of trying all the features currently available.
The tools are out there, will you take the steps necessary to safeguard yourself?
Source: Debian Wiki