[
Lists Home |
Date Index |
Thread Index
]
On Tue, 30 Sep 2003, Dare Obasanjo wrote:
> > Tim Bray [mailto:tbray@textuality.com]:
> >
> > Really? Which part? The assertion that Unix is basically
> > simpler than the alternatives, or the assertion that it
> > achieves a good level of security?
>
> The latter. Better people than me can tell you why this common
> misconception is false[0,1]. The main thing the Unix family of operating
> systems have going for them with regards to security is the higher
> degree of sophistication of their users and their lack of mainstream
> adoption than on their qualities as a "secure system". Of course, you
> may have a lower criteria for the term "secure system" than I do in
> which case YMMV.
>
> [0] http://www.nsa.gov/selinux/faq.html#I2
> [1] http://books.rsbac.org/unstable/x115.html
<quote attribution="http://www.cse.nd.edu/courses/cse598n/www/Lectures/Lecture14.pdf">
* No system is 'secure', systems usually trade security for
performance, ease of use etc.
* If information is worth x and it costs y to break into system
and if (x < y), then not worth encryption
* Wasteful to build a system that is more secure than is necessary
</quote>
The question is not 'is a system "secure".'
The question is 'is a system _sufficiently_ secure.'
A PC running MS-DOS 2.0 , in a public, unsupervised location with an
application running from the floppy drive may be _sufficiently_ secure for
its intended use.
A computer system rated secure to A1 per DOD-5200.28-STD kept in a
permanently sealed case with no removable media, with encrypted permanent
storage and data pathways requiring both biometric credentials and time
variant tokens, in Tempest certified facilities and configuration, having
a limited set of operators security cleared to Top Secret, electronic and
physical searches of personnel entering and leaving the facility and real
time video surveillance of the operators might _STILL_ be insufficiently
secure for its job.
The unqualified word 'secure' is essentially meaningless.
NO system is, without qualificiation, 'secure'. If I am willing to expend
sufficient resources _ANY_ system can be penetrated. Whether by technical,
social, political or military means.
With the possible exception of a system that has been rendered into its
base chemical components, all of its operators and inventors shot and
its blueprints cremated and mulched.
--
Benjamin Franz
Gauss's law is always true, but it is not always useful.
-- David J. Griffiths, "Introduction to Electrodynamics"
|