Multi-persona architectures, then and now

Thali is, among other things, a powerful reminder of just how far ahead of the curve Groove was back in 2000. The other day I spoke with Omer Eiferman and Oren Ladaan about Cellrox, an isolation technology for Android that virtualizes the operating system’s kernel for multiple user spaces. It’s aimed at the BYOD (bring your own device) business market and driven by IT security. IT doesn’t, for example, want Facebook commingling with the corporate email client. But where end-user privacy is becoming paramount, especially in Europe, there’s grassroots demand as well. “You can’t put Facebook on a Blackphone,” says Omer Eiferman, “and you can’t swipe it at Starbucks to buy a latte.”

Each virtualized compartment is a configurable persona. One might run only corporate apps, another only Facebook. If a keylogger found its way into the Facebook persona, it would not be able to eavesdrop on the corporate persona. Conversely, users’ private personae can be configured without corporate MDM (mobile device management) controls.

Where had I heard this before? Groove. For a chapter on Groove security in the O’Reilly Peer to Peer book, I did extensive interviews with Ray Ozzie and his security team. Groove’s strong multi-persona architecture was one of its underappreciated features. Your personal, business, and gaming personae were cryptographically walled off from one another. It wasn’t obvious, to most people at the time, why that would matter. Now it starts to make sense.
