Lists Home |
Date Index |
On Tue, 30 Sep 2003, Dare Obasanjo wrote:
> > Tim Bray [mailto:firstname.lastname@example.org]:
> > Really? Which part? The assertion that Unix is basically
> > simpler than the alternatives, or the assertion that it
> > achieves a good level of security?
> The latter. Better people than me can tell you why this common
> misconception is false[0,1]. The main thing the Unix family of operating
> systems have going for them with regards to security is the higher
> degree of sophistication of their users and their lack of mainstream
> adoption than on their qualities as a "secure system". Of course, you
> may have a lower criteria for the term "secure system" than I do in
> which case YMMV.
>  http://www.nsa.gov/selinux/faq.html#I2
>  http://books.rsbac.org/unstable/x115.html
* No system is 'secure', systems usually trade security for
performance, ease of use etc.
* If information is worth x and it costs y to break into system
and if (x < y), then not worth encryption
* Wasteful to build a system that is more secure than is necessary
The question is not 'is a system "secure".'
The question is 'is a system _sufficiently_ secure.'
A PC running MS-DOS 2.0 , in a public, unsupervised location with an
application running from the floppy drive may be _sufficiently_ secure for
its intended use.
A computer system rated secure to A1 per DOD-5200.28-STD kept in a
permanently sealed case with no removable media, with encrypted permanent
storage and data pathways requiring both biometric credentials and time
variant tokens, in Tempest certified facilities and configuration, having
a limited set of operators security cleared to Top Secret, electronic and
physical searches of personnel entering and leaving the facility and real
time video surveillance of the operators might _STILL_ be insufficiently
secure for its job.
The unqualified word 'secure' is essentially meaningless.
NO system is, without qualificiation, 'secure'. If I am willing to expend
sufficient resources _ANY_ system can be penetrated. Whether by technical,
social, political or military means.
With the possible exception of a system that has been rendered into its
base chemical components, all of its operators and inventors shot and
its blueprints cremated and mulched.
Gauss's law is always true, but it is not always useful.
-- David J. Griffiths, "Introduction to Electrodynamics"