NCipher Takes Hardware Security To Network Level

Anne & Lynn Wheeler lynn at garlic.com
Mon Oct 13 18:24:51 EDT 2003


At 10:22 PM 10/13/2003 +1300, Peter Gutmann wrote:
>So why is this stuff still present in the very latest certification
>requirements?  Because we're measuring what we know how to measure, whether it
>makes sense to evaluate security in that way or not.  This is probably why
>penetrate-and-patch is still the most widely-used approach to securing
>systems.  Maybe the solution to the problem is to figure out how to make
>penetrate-and-patch more rigorous and effective...

I would contend that the penetrate-and-patch model is because the original 
base was not designed for 7x24, fully interconnected environment. some 
slightly related comments on the subject:
http://www.garlic.com/~lynn/2003n.html#14 Poor People's OS

The air force found none of the problems in the studied infrastructure:
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from 
the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#43 another 30 year thing
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from 
the Multics Security Evaluation
http://www.garlic.com/~lynn/2003i.html#59 grey-haired assembler programmers 
(Ritchie's C)
http://www.garlic.com/~lynn/2003j.html#4 A Dark Day

the contention is that the system was designed to handle the circumstances. 
The currently common distributed software was not originally designed to 
handle this kind of situation .... and repeatedly it has been demonstrated 
for assurance to work well .... it has to be designed in from the start 
.... not added on afterward.

At various times, we had polite competition since the worked referenced in 
the air force study was done on the 5th floor of 545 tech. sq ... and I was 
on the 4th floor ... also working on what was considered a secure (but 
totally different) system.
http://www.garlic.com/~lynn/subtopic.html#545tech

There were issues about unfair comparison since at the time of the 
following .... the totally number of systems ever existing for the 5th 
floor system was something over one hundred. The total number of just 
internal corporate machines running the 4th floor system was in the 
thousands and the number of customer machines were low tens of thousands. 
So we just had light hearted competition with regard to just code I wrote 
.... and the number of (internal) machines that I directly provided systems 
for (something over a hundred ... comparable to the total number of 5th 
floor systems).

The following reference was the system that the air force data center in 
the pentagon was running was getting old ... and they were looking at newer 
hardware, in this case initially twenty newer machines, each with about the 
same MIP rate of the aging machine running the 5th floor system. As 
referenced, this then turned into 210 such machines:
http://www.garlic.com/~lynn/2001m.html#15 departmental servers

--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
  

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list