~misterio/IC

667837dfa2429aeaf22acc9cf836cedbb3be9a0f — Gabriel Fontes 1 year, 9 months ago d64520f
more progress
1 files changed, 29 insertions(+), 17 deletions(-)

M project.md
M project.md => project.md +29 -17
@@ 1,4 1,4 @@
# Building zero-trust computer science learning laboratories
# Building a zero-trust computer science laboratory

Student: Gabriel Silva Fontes



@@ 12,26 12,38 @@ learning environments

## 1. Introduction and motivation

Computer laboratories are an essential (yet expensive) piece of public
infrastructure, even more so when speaking about high education institutes
focused on computing fields. Having access to working computers in a social
environment, during classes or extracurricular activities, plays an important
role in computer sciences learning[1], particularly for students who can't
afford to purchase a personal laptop.
### 1.1 Computer labs and software choice

Securing these environments are not simple tasks, however. Laboratories, like
most public-ish IT systems, should be treated as _zero-trust_ environments.
Administrators are usually forced to strike a balance between security and
flexibility.
Computer laboratories are an essential piece of public infrastructure, even
more so for high education institutes focused on computing fields. Having
access to working computers in a social environment, during classes or
extracurricular activities, plays an important role in computer sciences
learning[1], particularly for students who can't afford to purchase a personal
laptop.

Specially in the institutions we mentioned, the need for user flexibility is
even bigger: each subject might require a completely different software stack,
each student may prefer a different tooling.
Building these environments are not simple tasks, however. Laboratories, like
most public-ish IT systems, can't be treated as trusted environments. These
public computers can't have as flexible of a usage as personal ones can. This
requires administrators to strike a balance between security and flexibility.

Security usually involves not allowing for any kind of superuser privilege.
Specially in the institutions we mentioned, flexibility is even more important:
each student might prefer to use different software tooling, and each subject
might require completely different software stacks.

Security usually involves (at least) denying superuser privileges to users.
Most computer operating systems do not support unprivileged software
installation, forcing IT administrators to install a subset of packages,
culling the amount of tooling choices the users might have.
management, forcing IT administrators to install a specific subset of packages.
This minimizes the amount of tooling choices users have, and maximizes
maintenance burden with constant installation requests.

With this work, we hope to research and create a computer lab system that:
increases user software freedom, enforces security for the institutions, and
decreases IT burden.

### 1.2 Existing solutions

All solutions boil down to some sort of isolation between users: be it enforced
by the running system, or full wipes between uses.

**TODO**: Existing solutions (together with last paragraph)
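
Review bot: The reworded paragraph under 1.1 replaces "should be treated as _zero-trust_ environments" with "can't be treated as trusted environments", so the term the title still carries is never used or defined in the body, and 1.2 reduces the design space to "some sort of isolation between users". Suggest stating what zero-trust means for this lab (which users and machines are untrusted, and what is being protected from them) before 1.2 relies on it. In the same hunk, "Building these environments are not simple tasks" should read "is not a simple task", "Specially" should be "Especially", and "high education institutes" should be "higher education institutes". The claim that most operating systems "do not support unprivileged software management" needs a citation or a qualifier, and the trailing "**TODO**" should be resolved or tracked before this text is considered final.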