Why We Use Our Own Zero Trust Linux Distribution to Build Our Applications
“Why did you create your own Linux distribution and use it, when there are so many good ones out there?”
I have been asked this question in various ways many times over the past few months at tech shows and in my meetings with potential customers and partners. The wording may change, but my reply is always the same: security.
This is not to say there aren’t some really good distributions available already, and we in fact chose one of these for our own distro: Debian. However, all of the available options have one huge security weakness that we wanted to overcome in order to fully protect ourselves from the increasing ransomware and cyberattacks happening across all industries: root privileges.
The Weakness
A root user is the administrator account on a Unix-like operating system. It has unrestricted access to the system and can perform any action, including modifying files, creating and deleting users, or even copying and deleting the system.
As such, if this user is compromised then the whole system is breached with all files accessible. And while most operating systems can be hardened at the network access level, the user access level and additional security can be added to secure any running services, if a compromise happens this is all irrelevant.
Our Solution: The Zero Trust File System
KenSai is our Zero Trust Linux distribution.
To eliminate the root privileges weakness, KenSai utilizes homomorphic encryption and Web3 technology. This means user files are encrypted at all times with no root access to the decryption, and the files are immutable meaning they cannot be modified, deleted, or overwritten – even by the root user. Because the encryption is homomorphic, computations can still be performed on the encrypted data without limiting productivity.
While immutability protects data from corruption, it does also present its own issues around file editing and collaboration. To overcome this, we created a versioning engine within KenSai that seamlessly stores a version of the previous file while only showing the user the most recent. This version history is securely hidden from the calling applications (VS Code for us) and from the user.
AI Management
Having made our own Zero Trust Linux Distribution, we then integrated our AI engine to securely automate a number of tasks. Including:
- Manage the encryption of each file (It is a different key for different file classes)
- Manage user access – To enhance the current Linux file data
- Managing semantic file searching
- Manage our own SLM (Small Language Model) that has been designed specifically for file analysis.
AI Analysis
During the development of KenSai, we realized the importance of accurate analytics for file systems, subsets, or even individual files. To address this need, we integrated a dedicated SLM directly into the distribution that could work on the fully encrypted data in real-time.
This SLM provides valuable insights, including:
- Sentiment Analysis: Understanding the emotional tone of the content
- Business Risk Assessment: Identifying potential risks or compliance issues
- Categorization: Automatically classifying files based on their content
- Author Training Needs: Pinpointing areas where authors may require additional training
- And a lot more!
These analytics empower businesses and developers to make informed decisions and optimize their workflows.
Conclusion
Our application code is incredibly important for the company as we put security and user-control at the heart of every decision, and as such it does not make sense to use any old file store. (No matter how hardened the network is or how anal user access controls are.)
By eliminating the traditional root privileges and leveraging homomorphic encryption and Web3 technology, KenSai offers a robust and secure foundation for building applications.
After all, if the files themselves are not being directly protected, then they will always be at risk!
Simon Bain, CEO