Re: kernel stack challenge
From: Horst von Brand
Date: Wed Apr 07 2004 - 21:47:59 EST
Sergiy Lozovsky <serge_lozovsky@xxxxxxxxx> said:
> --- Horst von Brand <vonbrand@xxxxxxxxxxxx> wrote:
[...]
> > And then there is the technology of _inventing_ a
> > language tailored to the
> > task at hand... even better than your list of
> > high-level languages.
> I started exactly with that. I found out shortly that
> have no idea of functionality needed for such kind of
> system.
Come back when you have found out.
> It was clear that requirments for this sytem
> can change rapidly.
I would not trust anything with "rapidly changing requirements" as security
infrastructure.
> Only general purpose language can
> address this problem (if we want to save time of
> development and introduction of new security models).
A security model has to be exhaustively scrutinized, proved correct and
complete, and well-tested. The implementation language is completely
irrelevant, the hard work is _not_ programming.
> Example. Current security policies are 'static'.
In what sense?
> It
> seems, that it would be nice to have 'dynamic'
> policies (with support from security model).
Again, what does this mean?
> Now,
> policy describes resources available for subsystem.
No...
> It
> may be useful to limit the sequence of access to
> resources - 'behaviour' of subsystem. I'm not sure if
> I want to implement that right away, but there is
> commercial system which does exactly that already (it
> was created later than VXE).
What is the use of restricting access sequences? If sequence A, B, C is
forbidden, chances are that C, B, A (or any of the other 4 permutations)
will give an attacker exactly what he wants.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/