The Inevitability of Failure
From: Robert Jasiek (jasiek@snafu.de)
Date: 18.06.2008 09:38
Message-ID: <1aeh5459utv4s8tulcf2r2i9a35lkak8l4@4ax.com>
Newsgroup: de.comp.security.misc
http://www.nsa.gov/selinux/papers/inevitability/

The article "The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments" by Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner and John F. Farrell, written on behalf of the NSA, contains a few remarkably clear passages that are worth reading:

"No single technical security solution can provide total system security; a proper balance of security mechanisms must be achieved. Each security mechanism provides specific security functions and should be designed to only provide those functions. It should rely on other mechanisms for support and for required security services. In a secure system, the entire set of mechanisms complement each other so that they collectively provide a complete security package. Systems that fail to achieve this balance will be vulnerable.

[...] a secure operating system is an important and necessary piece to the total system security puzzle, but it is not the only piece. A highly secure operating system would be insufficient without application-specific security built upon it. Certain problems are actually better addressed by security implemented above the operating system.

[...] No single security mechanism is likely to provide complete protection. Unsolved technical problems, implementation errors and flawed environmental assumptions will result in residual vulnerabilities. As an example, covert channels remain a serious technical challenge for secure operating system designers. These limitations must be understood, and suitable measures must be taken to deploy complementary mechanisms designed to compensate for such problems. In the covert channel example, auditing and detection mechanisms should be utilized to minimize the chances that known channels are exploited. In turn, these should depend on secure operating systems to protect their critical components [...]

[...] the threats posed by the modern computing environment cannot be addressed without secure operating systems. The critical operating system security features of mandatory security and trusted path have been explained and contrasted with the inadequate protection mechanisms of mainstream operating systems.

[...] By arguing that secure operating systems are indispensable to system security, the authors hope to spawn a renewed interest in operating system security. If security practitioners were to more openly acknowledge their security solution’s operating system dependencies and state these dependencies as requirements for future operating systems, then the increased demand for secure operating systems would lead to new research and development in the area and ultimately to commercially viable secure systems. In turn, the availability of secure operating systems would enable security practitioners to concentrate on security services that belong in their particular components rather than dooming them to try to address the total security problem with no hope of success."
