NCipher Takes Hardware Security To Network Level
Anne & Lynn Wheeler
lynn at garlic.com
Mon Oct 13 18:24:51 EDT 2003
At 10:22 PM 10/13/2003 +1300, Peter Gutmann wrote:
>So why is this stuff still present in the very latest certification
>requirements? Because we're measuring what we know how to measure, whether it
>makes sense to evaluate security in that way or not. This is probably why
>penetrate-and-patch is still the most widely-used approach to securing
>systems. Maybe the solution to the problem is to figure out how to make
>penetrate-and-patch more rigorous and effective...
I would contend that the penetrate-and-patch model is because the original
base was not designed for 7x24, fully interconnected environment. some
slightly related comments on the subject:
http://www.garlic.com/~lynn/2003n.html#14 Poor People's OS
The air force found none of the problems in the studied infrastructure:
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from
the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#43 another 30 year thing
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from
the Multics Security Evaluation
http://www.garlic.com/~lynn/2003i.html#59 grey-haired assembler programmers
(Ritchie's C)
http://www.garlic.com/~lynn/2003j.html#4 A Dark Day
the contention is that the system was designed to handle the circumstances.
The currently common distributed software was not originally designed to
handle this kind of situation .... and repeatedly it has been demonstrated
for assurance to work well .... it has to be designed in from the start
.... not added on afterward.
At various times, we had polite competition since the worked referenced in
the air force study was done on the 5th floor of 545 tech. sq ... and I was
on the 4th floor ... also working on what was considered a secure (but
totally different) system.
http://www.garlic.com/~lynn/subtopic.html#545tech
There were issues about unfair comparison since at the time of the
following .... the totally number of systems ever existing for the 5th
floor system was something over one hundred. The total number of just
internal corporate machines running the 4th floor system was in the
thousands and the number of customer machines were low tens of thousands.
So we just had light hearted competition with regard to just code I wrote
.... and the number of (internal) machines that I directly provided systems
for (something over a hundred ... comparable to the total number of 5th
floor systems).
The following reference was the system that the air force data center in
the pentagon was running was getting old ... and they were looking at newer
hardware, in this case initially twenty newer machines, each with about the
same MIP rate of the aging machine running the 5th floor system. As
referenced, this then turned into 210 such machines:
http://www.garlic.com/~lynn/2001m.html#15 departmental servers
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list