Apple Hires Former Security Director of One Laptop Per Child

In a blog post, Ivan Krstić, former director of security architecture at One Laptop per Child (OLPC), has revealed that he has taken an unspecified position related to core security at Apple. Krstić is well-known among security experts, having been named the second most influential person in security by eWeek in 2008.

As Krstić notes on his personal web site, his expertise and passion lie in making computer security easy for users:

I enjoy breaking computers. I enjoy making computers hard to break even more. Unfortunately, most people are really bad at the latter. At OLPC, I had put a lot of work into designing Bitfrost, which is a system for securing computers that's trying to be both hard to break and easy to use.

Bitfrost is a security specification that "sandboxes" applications into their own virtual operating systems, preventing viruses or other programs from damaging the operating system or accessing files. Given the focus of OLPC on children, Bitfrost is designed to be almost invisible to the end user.

We have set out to create a system that is both drastically more secure and provides drastically more usable security than any mainstream system currently on the market. One result of the dedication to usability is that there is only one protection provided by the Bitfrost platform that requires user response, and even then, it's a simple 'yes or no' question understandable even by young children. The remainder of the security is provided behind the scenes.

Bitfrost is meant to improve upon the 35-year-old UNIX permission system which persists today in Mac OS X, but Bitfrost requires that individual applications be "Bitfrost-aware", meaning that the security specification is unlikely to easily transition to mainstream operating systems. Krstić's work on Bitfrost, however, demonstrates his focus on novel security approaches that are easy to use.