RE: Managing Innovation
On Tue, 30 Sep 2003, Dare Obasanjo wrote:

> > Tim Bray [mailto:tbray@t...]:
> >
> > Really? Which part? The assertion that Unix is basically
> > simpler than the alternatives, or the assertion that it
> > achieves a good level of security?
>
> The latter. Better people than me can tell you why this common
> misconception is false[0,1]. The main thing the Unix family of operating
> systems have going for them with regards to security is the higher
> degree of sophistication of their users and their lack of mainstream
> adoption than on their qualities as a "secure system". Of course, you
> may have a lower criteria for the term "secure system" than I do in
> which case YMMV.
>
> [0] http://www.nsa.gov/selinux/faq.html#I2
> [1] http://books.rsbac.org/unstable/x115.html

<quote attribution="http://www.cse.nd.edu/courses/cse598n/www/Lectures/Lecture14.pdf">
* No system is 'secure', systems usually trade security for performance, ease of use etc.
* If information is worth x and it costs y to break into system and if (x < y), then not worth encryption
* Wasteful to build a system that is more secure than is necessary
</quote>

The question is not 'is a system "secure".' The question is 'is a system _sufficiently_ secure.'

A PC running MS-DOS 2.0, in a public, unsupervised location with an application running from the floppy drive may be _sufficiently_ secure for its intended use.

A computer system rated secure to A1 per DOD-5200.28-STD kept in a permanently sealed case with no removable media, with encrypted permanent storage and data pathways requiring both biometric credentials and time variant tokens, in Tempest certified facilities and configuration, having a limited set of operators security cleared to Top Secret, electronic and physical searches of personnel entering and leaving the facility and real time video surveillance of the operators might _STILL_ be insufficiently secure for its job.

The unqualified word 'secure' is essentially meaningless.
NO system is, without qualification, 'secure'. If I am willing to expend sufficient resources _ANY_ system can be penetrated. Whether by technical, social, political or military means. With the possible exception of a system that has been rendered into its base chemical components, all of its operators and inventors shot and its blueprints cremated and mulched.

--
Benjamin Franz

Gauss's law is always true, but it is not always useful.
  -- David J. Griffiths, "Introduction to Electrodynamics"