hulettk 0 Newbie Poster

I have a question about software design in general.

Bear with me as I attempt to explain my concept, as I am not a software developer or programmer. However, as someone who has worked on and troubleshot hardware and software issues for the past 15 years, there is a concept that I wonder has already been looked at or applied to existing or previous software, and I'm just not aware of it.

These days, especially with the growth of networking, security has become a major challenge. With that in mind, I have been wondering why our software, especially our operating systems and filesystems, is not designed in the following layered fashion:

1) Core OS/System that cannot be tampered with.
Changes made to this core layer would be nearly impossible and would require some kind of encryption/decryption process or other checks and balances to modify that layer (possibly physical hardware barriers as well as software barriers).

2) An UPDATE layer where updates and software patches would be placed.
As the OS boots, it would search and pull from this area to load updates/changes into memory. If tampering is suspected, the system could still boot up on the core system without ANY updates OR re-point to a KNOWN-GOOD/SECURE update source to apply current updates.

3) An application layer where software applications would be installed.
This layer could be accessible and mostly functional even if the system were booted up on the core system without updates. It may lose some functionality because some updates have not been applied, but the idea should be that they design the software to remain compatible with the core layer for basic functionality.

4) The Data layer where user data is stored.
This layer would be accessible even if the system booted up from just the core layer. The files could be moved and saved as needed, but may not work properly until the system can be started with the proper updates.

Each layer may have different levels of protection applied, much like you might do with multiple VLANs, etc.

The point is that it is modular or compartmentalized to protect each layer from becoming affected/infected by viruses, spyware, etc. when it takes place at one of the other layers. The Core should remain as impenetrable as possible.

The system could be restored by replacing that 'bad' layer with a known good copy (or recreating it) to reduce the chance of impacting the functionality or data that has been saved.


Does this make sense?

KH
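A sketch of the boot-time decision the post describes (verify each layer, boot core-only if the update layer fails, flag layers for restore), as an added example that is not the poster's code; the layer images, digests and function names are constructed for illustration, and the known-good digests stand in for values that would be kept in the tamper-resistant core.

```python
import hashlib

# Constructed stand-ins for the four on-disk layers (in practice, partitions or images).
LAYERS = {
    "core":   b"core-os-image-v1",
    "update": b"patchset-2024-01",
    "app":    b"installed-applications",
    "data":   b"user-documents",
}

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

# Known-good digests; assumed to live in the protected core (or hardware), not on the layer itself.
KNOWN_GOOD = {name: digest(blob) for name, blob in LAYERS.items()}

def plan_boot(images: dict, known_good: dict) -> dict:
    """Verify every layer and decide how to boot.

    Returns mode ('normal', 'core-only' or 'halt'), the layers to mount,
    and the layers that should be replaced with a known-good copy."""
    bad = [name for name in ("core", "update", "app", "data")
           if digest(images.get(name, b"")) != known_good[name]]
    if "core" in bad:
        # The core is the root of trust; nothing above it can be trusted if it fails.
        return {"mode": "halt", "mount": [], "restore": ["core"]}
    mount = ["core"]
    mode = "normal"
    if "update" in bad:
        # Boot on the untouched core and re-fetch updates from a known-good source.
        mode = "core-only"
    else:
        mount.append("update")
    # App and data layers are mounted either way so user data stays reachable;
    # a mismatch only marks the layer for replacement.
    mount += ["app", "data"]
    return {"mode": mode, "mount": mount, "restore": bad}

if __name__ == "__main__":
    tampered = dict(LAYERS, update=b"patchset-with-unexpected-changes")
    print(plan_boot(LAYERS, KNOWN_GOOD))
    print(plan_boot(tampered, KNOWN_GOOD))
```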