Who is more knowledgeable when it comes to computer security?

[skiddieleet]

Originally posted here by catch
can a malicious application in B compromise secret data?

Maybe.

[catch]

Maybe? Why do people forget that computer security falls under math and is a hard science. "Maybe" = I have yet to calculate the answer... if you were unable to calculate the answer from the example I gave, then you are in the wrong field.

I am sure you were just looking to be provocative... well bravo to you.

catch

[thehorse13]

Interesting analogy catchy ol’ boy, however, without considering the separate parts, you cannot have a collective entity.

That said, going back to your original analogy, substituting hyperopia for myopia also does no one any favors. This is also known as the management point of view.

Computers of course have no real concept of the collective whole, rather, only the boundaries of what it must perform. This is why weaknesses exist. Computers only do what we tell them, not necessarily what we want. Your quick brown fox example sorta relates to this.

More specifically, box A performs a math function. If box A doesn’t sanity check the variables fed to it, it’s not smart enough to know that it will do harm to the collective parts of the whole entity but still performs the math function. Separate parts must be looked at as well as the collective whole. This is where things become complicated because there are comprehension boundaries of the human mind and because of this imperfection, you cannot realize a perfect system.

And finally, pertaining to your question:

The answer is that B is no threat to A provided that there are no weaknesses in the many parts that make up A or B.

LOL.

Always love throwing **** down with ya catch.

[neel]

Originally posted here by catch
Maybe? Why do people forget that computer security falls under math and is a hard science. "Maybe" = I have yet to calculate the answer... if you were unable to calculate the answer from the example I gave, then you are in the wrong field.

I am sure you were just looking to be provocative... well bravo to you.

catch

I think what he's trying to say is that you're talking on different levels here. The hard science computer security models are an abstraction of reality. I didn't read the part of this discussion about the compartments, but for example in the production process of microchips there's a chance (altough very small) the chip passes all tests, yet has some defects that cause security problems. I'm quite sure those things are included in the models, but they're in the stochastic/chances part of math. What he's saying is, there's always things science doesn't account for or ignores based on a low probability.

And he might just be provocative too, but you're no fun flaming.

[Maestr0]

Compartment A contains secret information.
Compartment B allows any application to run.
A has full rights over B. B has no rights over A.
All of A's processes gain A's rights. All of B's processes gain B's rights.

Seems to me any trojaned application in B("Compartment B allows any application to run.") run by A ("All of A's processes gain A's rights") would be free to access the secret information and place it in in B ("A has full rights over B")

-Maestr0

[skiddieleet]

Originally posted here by catch
Maybe? Why do people forget that computer security falls under math and is a hard science. "Maybe" = I have yet to calculate the answer... if you were unable to calculate the answer from the example I gave, then you are in the wrong field.

I am sure you were just looking to be provocative... well bravo to you.

catch

I meant sort of what TheHorse13 said.

Originally posted here by TheHorse13
The answer is that B is no threat to A provided that there are no weaknesses in the many parts that make up A or B.

Somewhere down the line there's bound to be a weakness in B's compartment that would allow it to gain access to A. There's no way of knowing if this will occur, and if it does who will discover it first (auditors/pen testers or attackers). That's why I said maybe. You could be fine and nothing would ever go wrong. But it's not certain so I thought maybe fit. Would you rather I have said probably?

Anyway, I'm not in the field. I'm just a Computer Science student trying to learn as much as I can about as much as I can. Peace.

/me goes to look for the pdf that gives the equations to calculate the answer to your example.

[catch]

That said, going back to your original analogy, substituting hyperopia for myopia also does no one any favors. This is also known as the management point of view.

Without hyperopia there is no begining... with myopia there is no end. The procress of creating any system must start from a global view and flow toward the goal with increasing percision. Focusing on single points with no context only leaves you with questions.

Now it is true that your coders should be myopic, but they are being guided by project managers.

Computers only do what we tell them, not necessarily what we want.

That is the case on an immature request. the instructions given to the computer must first be verified as doing what we want... only then can come the validation of doing it correctly.

More specifically, box A performs a math function. If box A doesn’t sanity check the variables fed to it, it’s not smart enough to know that it will do harm to the collective parts of the whole entity but still performs the math function.

This example and

but for example in the production process of microchips there's a chance (altough very small) the chip passes all tests, yet has some defects that cause security problems.

that really cement my opinion that everyone should be required to learn Ada before any other programming language or any other advanced computing use knowledge.

Systems must be black boxed with sane single input single output modules... it is really unfair to attempt to poke holes in good computing foundations with the examples of problems that arise from sloppy computing.

Seems to me any trojaned application in B("Compartment B allows any application to run.") run by A ("All of A's processes gain A's rights") would be free to access the secret information and place it in in B ("A has full rights over B")

How do you figure? Any application in compartment B would have any subsequent process labeled as "B"... so no matter how good or evil it is it cannot compromise "A". This is the strength of compartments over permission bits. The rights will never propigate in an unpredictable manner.

Somewhere down the line there's bound to be a weakness in B's compartment that would allow it to gain access to A.

Weaknesses in compartment b can happen all day long... unless one occurs in compartment A, which is beyond the reach of compartment A, B will never gain access.

There's no way of knowing if this will occur

Do you mean aside from the results of analysis?

See... systems like UNIX and Windows NT... the designers know that things will go wrong. They have analyzed the security models and have found them to be flawed. Even with perfect code, the systems will still develop problems. Other systems have been anaylzed to results that say no such policy violations will ever occur. Don't confuse one type with the other.

cheers,

catch

[thehorse13]

Systems must be black boxed with sane single input single output modules... it is really unfair to attempt to poke holes in good computing foundations with the examples of problems that arise from sloppy computing.

This I can agree with but in the real world, most sound models are maintained by unsound IT staff.

Without hyperopia there is no begining... with myopia there is no end. The procress of creating any system must start from a global view and flow toward the goal with increasing percision. Focusing on single points with no context only leaves you with questions.

Would you still feel this way if you had people on the hyperopic side of the curve invisioning things that cannot be possibly done by those on the myopic end? For example, the project managers decide that they need a security solution that flys people across a pond, makes a pizza while in flight and then shines their shoes upon arrival on the other side. Oh yeah, and they need to be invisible, bullet proof and anonymous while in transit. Engineers are myopic (that includes myself) and as you pointed out, managers are hyperopic (which is where all the bad ideas begin and/or technically impossible ideas on a good day). Take my word for it, starting from hyperopic and flowing nicely to myopic is well and good in theory and in classrooms but in the real world, it floats about as well as a lead turd. There are many factors that influence design flows and without considering them, you yourself are myopic which contradicts your argument.

However, there are ways to hedge the deck and get a design flow somewhat close to your example. This is where technical project managers come in but there are very few good ones out there. Good ones have the ability to filter out all the white noise (politics, incompetence, budget restrictions, hardware limitations, security concerns, legal issues, ROI, etc.) before going forward with the design. When you shake out all of these things, you end up with requirements, the true starting point. I know you understand this.

[neel]

that really cement my opinion that everyone should be required to learn Ada before any other programming language or any other advanced computing use knowledge.

Systems must be black boxed with sane single input single output modules... it is really unfair to attempt to poke holes in good computing foundations with the examples of problems that arise from sloppy computing.

Is this as a reaction to my thing or is it a loose comment, because I don't exactly see what it has to do with my point... There are other languages who can describe hardware logic, for example vhdl, verilog, systemc. What I was talking about however, altough you can perfectly describe a system, there are still technical limits to implementing them. I believe it's still like a rule of thumb a new microprocessor doesn't work the first 3 or 4 times they try actually producing them, while that costs like a million dollars per try. My point of that example again was to illustrate that hard science logic math can still be BECOME flawed when it is eventually implemented, due to outside interference. They might even pass extensive testing and fail later.

I don't think that sounds so weird.

[skiddieleet]

catch,
You keep bringing up things that you're familiar with and people who aren't in the security field most likely aren't. I can never tell if what you claim makes any sense if I can't understand it. Perhaps your arguments are aimed at people in the same field at the same level, but maybe as a favor to me you could give short explainations of things which people not in the security field might not necessarily know. I would get more out of this thread that way as opposed to just letting it be over my head. I'm interested in the topic, I just can't follow how you present it most of the time. It's not you it's me . I just thought you might be willing to dumb some things down so others might be able to understand and benefit.

/me waits for TheHorse13's flame of my stupidity.