List: linux-kernel
Subject: But... (was Re: signing a filesystem)
From: rdm () tad ! micro ! umn ! edu
Date: 1996-12-31 22:49:59
First off a disclaimer: Ted Ts'o has expressed significant doubt
about my past email on the subject of security. It was fairly
non-specific doubt, however.

Second, my beef: I worry that a lot of the work being done to make
linux more secure is getting off on the wrong foot. I worry that
work is going into place that will make linux harder to understand
(thus, harder to audit, harder to secure) when similar efforts
would go a long way towards making the system simpler and more
secure.

(a) security labels are implemented as distinct linux boxes.
Information has a security label if it's on the appropriate
linux box. [I'd even assign different physical networks to
each security label if I was really concerned about security.]

(b) ssh or the equivalent is used to encrypt all network traffic
(except, optionally, for the least secure classification).

(c) all user access to the system is via specific X servers. These
would be sealed units, with no ability to expand on fonts or software
(except by replacing them). These would have modified X server
software that enforces security labels. [No internet access from
secure machines -- this seems to be built into the specs.]

(d) sealing covert channels: high security traffic should receive
far lower physical priority (e.g. at routers) than low security
traffic.

In other words, I wouldn't rely on a kernel to enforce security
stratification beyond the simple level of access/no access.
You can achieve moderate levels of security by breaking up a
single machine into isolated sub-systems, but you're fighting
the underlying physical architecture when you do this, so
it's mostly a good way of eating your lunch. Requiring multiple
physical machines is a more expensive proposition, for some people,
but if you're really concerned about security the physical cost of
a pc-class machine is a trivial part of your total costs.
--
Raul