The illusions of The Matrix

Albin Lidén albin.liden at gmail.com
Mon Feb 25 22:12:51 UTC 2019


Please send this to the right team!
And please, do think about this as a project... and a beginning of another
era of computer security.
Do know: This is just a proposition and still an idea and abstract concept.

Here goes:
Hello you developers and govs of BSD and Linux

This is a proposal for a new security layer for *NIX systems
Please do read and ponder if it will be doable?
Could we create this "security mechanism" called ILLUSION with a security
application suite called "The Matrix"?

[ NONE REAL PRINCIPALS ARE INCLUDED IN THIS DOCUMENT, PLEASE REFER TO
TECHNICAL DOCUMENTATION INSTEAD, THIS IS ONLY THE CONCEPT/IDEA. ]
[ THE TECHNICAL TERMS AND DOCUMENTS WILL BE EMAILED LATER ].

Here it is:

>>>>>>>>>>>>>>>>>>>>>>>>>>The Matrix<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
A security suite program including the ILLUSION lock-mechanism
Having utilities/tools such as
websion <- localhost web-based configuration of the Matrix [ apache
localhost port 1337 ]
illcontrol <- ILLUSION control utility [ commands from console ]
and tons of config files

ILLUSIONd
 A service/daemon to govern security principals applied to localhost
 These principals aren't documented here, please think of them as: well
kind of, internal OS-"firewall rules"

 Upon installing the Matrix a GUID will be automatically generated (yes
such as in a database).
 This Guid is the password that is needed to inactivate the
protection/disable the daemon

 With Matrix installed
 * Users are unable to break the security principals currently applied by
admins of The Matrix

 Accounts and rights to the Matrix, its utilities and functionalities
  * Morpheus: the root user installing the security suite (can shutdown with
right guid, anytime).
  * Smith:
  >> Administrator of the "Illusion-lock-mechanism" and full access and use
of its utilities
  >> Can temporarily disable the matrix for X seconds (being logged) but NOT
uninstall it (ILLUSION is reenabled again, after a reboot).
  * Agent (in three levels)
  >>  Agent Gold:
  >> full control of the software principal variables
  >> Can promote 1 user account on localhost to Neo
  >> Agent Silver: can customize and apply some of the security principals
and create the "bronze agent".
  >> Agent Bronze: can APPLY FOR a change of security principals (which is
then applied by gold agent)
  >> Agents cannot disable ILLUSION(d)

  * Neo
  >> Access custom rules within ILLUSION
  >> Accessible with web browser to localhost/apache

  * Someone: Regular user which is under the control of The Matrix and its
ILLUSIONS (not Pwned yet)
  >> Can see being restricted in illusion and what way

  * Nobody
  >> Pwned by the ILLUSION of The Matrix, looks like every other system
(well, it is not).
  This group of user accounts will see another netstat, ps-list, installed
programs, another userslist, uptime, uname etc).
  Because the ILLUSION is set up that way and the admins want the user
handled by being restricted in such manner.

  Special Users:
  * INFILTRATOR
  >> Someone secret which can shutdown matrix instantly by having the
password to CMOS
  >> Gets 3 password/GUID-guesses then the computer will LOG and shutdown
  * casper
  Being a "friendly holy ghost" having access to spectate everything within
matrix security logs
  (Only spectate, realtime).
  * spook [ this user is an important "shadow" that should be impossible to
find/spawn after the ILLUSION is up ]
  >> spook will be the spectator of the real and the ILLUSIONIZED system.
  In an ILLUSIONIZED system the users will be "seeing double":
  (meaning ps axu, uname, uptime and so on will be dishonest/inaccurate but
look VERY authentic).
The whole OS won't even be traced to being under the influence of ILLUSION,
since The Matrix doesn't show if you haven't got the right clearance level

  * Tux is a user with access to the REAL ps axu/top/processlist. And can
therefore see what PID The Matrix and its ILLUSIONd really has

  PID-Modes:
  This number is the PID of the Matrix.
  * 7 being a code for a possible hacker (matrix has sensed hostile presence)
  * 1337 being a code for a healthy running Illusion system (everything
works just fine)
  * ? will be the PID of the Matrix seen by the restricted users

!But for Tux  a special guest of honor, the real PID of ILLUSIONd will be
seen!

 The daemon/illusiond can be shutdown with the "operator take me out of the
matrix"-technique

  By: # kldunload ILLUSION --OAO (as in: over and out) <Installed_GUID>


Runninglevels:
1 Complicated
>> The Matrix being a type of jail with a utility for management, it will
be running as a daemon.
2 Sophisticated
>> Having Illusion load with kldload and unload with kldunload
3 Spooky
>> Booting this version of the kernel will always activate its security
principals (ILLUSION is the kernel). NOT undoable nor shutdownable
4 NULL
>> Run it another way, have it your way


Here are some special tricks:

>> Putting Illusion in the Void-mode
This will put ILLUSION in a state of trance, pausing it, for later
operation (eat, sleep, rave. repeat).
Can only be done with PID, GUID and Smith access.

>> Workaround/Hack  (using command KILLALL u need password to CMOS to just
end the suffering of ILLUSION).
# killall <REAL-CMOS-PASSWORD> if CMOS has no password, this WON'T work


[END NOTE: Concerning CAPS-LOCK, well developers, have it your way].
[MORE TO COME: Everything ILLUSION will protect, see next document].


Thanks for your time and please ponder.


More information about the freebsd-questions mailing list