View Poll Results: Do you encrypt your data?
- Voters
- 37. You may not vote on this poll
-
November 15th, 2005, 01:48 AM
#1
Who is more knowledgeable when it comes to computer security?
Who is more knowledgeable when it comes to computer security?
After reading several great pdf(s) on "thoroughbred" security and the math that backs it....... I've come to the realization about who's smarter when it comes to the topic.
This mans name can be seen in the depths of the security pdf world. He is noted in five out of every ten pdf's I've read. James P. Anderson
David Bell and Len LaPadula ......... Clark-Wilson........etc...... etc.......
http://csrc.nist.gov/publications/history/#paperlist I promise you these are all great reads.
"Computers are nothing more than a collection of finite logical switches. It is not only possible to make something perfectly secure, but it has already been done by the good people at Ford Aerospace." ~ catch
I love that quote because in the face of reality you can't argue with it.
So I'll let James P. Anderson represent those guys.
-
November 15th, 2005, 03:56 AM
#2
There is no patch for human stupidity.
-
November 15th, 2005, 11:25 AM
#3
The mind is a terrible thing to close.
I'm talking about people who have paved the way for systems that are many generations old, which are so validated; they're retiring without ever needing a patch. Finite state machines.
-
November 15th, 2005, 12:44 PM
#4
Interesting spin young Will.
First principles. Read Marcus Aurelius. Of each particular thing ask: what is it in itself? What is its nature? What does he do, this man you seek?
What is the first and principal thing he does, what need does he serve by educating?
Now then, the quote that catch has thrown out there is excellent, but I have seein it word for word on other forums. I'm curious of the source and if Ford Aerospace has actually achieved this and under what conditions and requirements. Knowing how their automotive research division operates, my confidence is not high.
And finally, the answer to your question is, there is no answer. Perpsective will dictate how you answer. Perspective is not objective. If it's not objective, it's nearly impossible to measure.
I vote choice 3, none of the above.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
November 15th, 2005, 01:35 PM
#5
Originally posted here by thehorse13
Ford Aerospace has actually achieved this and under what conditions and requirements. Knowing how their automotive research division operates, my confidence is not high. --TH13
Doctor, did you see the PDF 6th from the list?
ford78.pdf Ford Aerospace, Secure Minicomputer Operating System (KSOS): Executive Summary Phase I: Design, Western Development Labratories Division, Palo Alto, CA 94303 (April 1978)
That scanned type hurts your eyes because it's been typed.
http://csrc.nist.gov/publications/history/ford78.pdf
-
November 15th, 2005, 05:06 PM
#6
I'm talking about people who have paved the way for systems that are many generations old, which are so validated; they're retiring without ever needing a patch. Finite state machines.
Every computerchip is a finite state machine, but how many states does a pentium 4 have? About a several zillion? Being able to map all freakin states is theoretically possible, but it's not gonne make stuff more secure. A computer virus is a list of "legal" instructions too, yet it ****s up your computer. Now if you're gonne map all possible series of states, you'll still have an infite number of scenarios. You can't map that.
-
November 15th, 2005, 05:55 PM
#7
I'm with TH13, I'll take choice 3.
-Maestr0
The PSOS umbrella also supported CSL's early work on Information Flow. Given the HDM SPECIAL specifications for a security kernel, Rich Feiertag's flow analyzer (report CSL-109) produced would-be theorems that were fed to the Boyer-Moore theorem prover. This approach was used to analyze the multilevel security of KSOS (Ford Aerospace's Kernelized Secure Operating System), and found security flaws and covert channels in 16 of the 34 kernel functions. (The generation of would-be theorems and their proof efforts took 2.5 hours to run.)
http://www.csl.sri.com/programs/secu...-projects.html
There's the math to prove it for ya.
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
-
November 15th, 2005, 07:30 PM
#8
The only way a computer can be formally and verifiably "secure"
is by limiting the number and type of machine instructions so
that no unexpected or unanticipated code can execute. Simple
computers like digital watches come to mind. Or, the control
systems in automobiles. A car's computer can't accept any
programming except by replacing or reprogramming a PROM
containing its entire repertoire of routines. Pretty safe.
A personal computer is multi-purpose. For better or worse,
it allows you to do as you please. The flexibility is necessary;
the vulnerability is acceptible, and can be mitigated by good
programming and user behavior.
Trying to make a fool-proof computer, complex, useable,
and productively useable by morons and malicious geniuses
is a fool's errand. It's a simple dilemma. Either make the system
self governing and rigidly unuseable (at least for tasks unforeseen
by its designers), or design it wide open, with known and published
behaviors, and limit whose fingers are allowed to touch the keyboard.
Formal security is the Maginot line of the computer world, admittedly
impenetrable but irrelevant to the strategy the enemy is likely to use.
The Three Mile Island nuclear accident happened because, if the operators
had heeded every warning, they would have shut the thing down every
few hours for another over-sensitive alarm, Take the human operators out
of the loop, and the automatic mechanisms wouldn't have permitted it
to operate at all. People always bypass safety features because it's
the only way to make things work.
More formal, top-down security designs will only make this worse.
At some level you have to trust someone, even if that someone
is yourself.
I came in to the world with nothing. I still have most of it.
-
November 15th, 2005, 07:51 PM
#9
Doctor, did you see the PDF 6th from the list?
Yes I have young Will but apparently the detail that escaped your attention did not escape another young agent by the name of Meastr0.
lol.
Now, if you'll excuse me, I'm having an old friend for dinner...
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
November 15th, 2005, 08:01 PM
#10
Doctor, did you see the PDF 6th from the list?
I never read PDFs. It's a sure sign that the author is a moron.
I came in to the world with nothing. I still have most of it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|