On Tue, 2003-05-27 at 15:33, Derek Martin wrote:

> If someone were to break into your system and steal your 7 years of
> financial records, they could easily use that information to steal
> your identity. They could obtain loans and credit cards in your name,
> run them up, and default on the payments, leaving YOU with a real
> credit problem, and quite probably thousands of dollars and hundreds
> of hours worth of pain to clean up the mess. This kind of crime is
> becoming increasingly common, according to an FBI agent I spoke with
> at a SANS conference.

On the one hand, I suspect that my credit card numbers and what-not are in so many databases that regardless of what I do to protect my own computer, somebody has already snarfed enough of my personal information to steal my identity, and the only reason they haven't (to my knowledge) done it yet is blind chance. (Note to self: verify that our homeowner's insurance includes coverage for identity theft....)

On the other hand, I am careful not to store account numbers in my gnucash file.

> The Unix philosophy, to write software that does one thing and does it
> well, is inherently much better for security than the Microsoft
> philosophy, to write giant software behemoths that do everything under
> the sun. The Unix philosophy makes it easier to track and fix bugs
> than the Microsoft philosophy. Large, complicated software projects
> such as those for which Microsoft is prone to write almost guarantee
> complicated bugs that affect multiple components of such a system.
> Until THAT changes, I seriously doubt that you'll see Microsoft make
> any substantial gains on Free software in the realm of security.

The most interesting improvement on the Unix security model that I've seen is capability-based security.

Instead of attaching ACLs to objects and checking a process's user ID against the ACL before permitting access, each object has a "capability" associated with it (note that these are not the same as the "capabilities" that were recently added to Linux), and the process has to present the appropriate capability before getting access. So, for example, a Web server could have capabilities to read and write to port 80, to write files in its logging directory, to execute certain scripting languages, and to read files and scripts from certain directories. If the server needed to call a script, it could execute the scripting language and hand over capabilities to read whatever script was called for, to write to one specific log, and to read and write to the HTTP connection that the server had opened up. Even if there were security holes or Trojan horses in the scripting language, the script would be unable to touch any other part of the system. (It could not, for example, trap passwords that users typed into a Web form and store them some place that an attacker could check later.) If someone called the same scripting language from the command line to perform some other task, the language would get the capabilities it needed to perform that task, but again, it couldn't touch any other part of the system.

EROS, the Extremely Reliable Operating System, is an open-source capability-based OS that has been under development for a number of years. (It started out as a Ph.D. dissertation.) For a description of the OS and some interesting stuff on capability-based security, see "http://www.eros-os.org/".

-- 
"An RDBMS vendor's strategy for customer satisfaction is that you will be their customer and they will be satisfied with how much money you pay them." --Philip Greenspun
// seth gordon // sethg at ropine.com // http://ropine.com/sethg/cv.html //
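The delegation scheme sketched in the message above (server holds broad capabilities, hands the script interpreter exactly a read capability on one script, an append capability on one log, and the connection), as an added example in Python that is not part of the original message and is not EROS code. Everything in it is assumed for illustration: the class and function names (FileCap, DirCap, Connection, run_script, trojaned_run_script, web_server_handle, make_fixture), the toy one-statement "scripting language", and the sample paths and file contents, which are constructed. A plain dict stands in for the filesystem. Python itself still offers ambient authority (open(), attribute access), so this models the capability discipline rather than enforcing it the way a capability kernel such as EROS does.

```python
"""Toy object-capability model (added example; not from the post or EROS).
No function here opens a path by name: every file operation goes through a
capability object the caller was handed, and a capability can be attenuated
(rights dropped) before it is delegated, never widened."""


class CapabilityError(PermissionError):
    """Operation attempted without a capability that grants it."""


class FileCap:
    """Unforgeable handle to one file carrying a fixed set of rights."""

    def __init__(self, store: dict, path: str, rights: frozenset) -> None:
        self._store = store      # the dict standing in for the filesystem
        self.path = path
        self.rights = rights

    def read(self) -> str:
        if "read" not in self.rights:
            raise CapabilityError(f"no read right on {self.path}")
        return self._store.get(self.path, "")

    def append(self, text: str) -> None:
        if "append" not in self.rights:
            raise CapabilityError(f"no append right on {self.path}")
        self._store[self.path] = self._store.get(self.path, "") + text

    def attenuate(self, *keep: str) -> "FileCap":
        """Derive a weaker capability: rights can be dropped, never added."""
        return FileCap(self._store, self.path, self.rights & frozenset(keep))


class DirCap:
    """Capability over a directory: mints FileCaps for names directly under it."""

    def __init__(self, store: dict, prefix: str, rights: frozenset) -> None:
        self._store = store
        self.prefix = prefix.rstrip("/")
        self.rights = rights

    def file(self, name: str) -> FileCap:
        # Bare names only, so a holder cannot walk out of this directory.
        if not name or "/" in name or name in (".", ".."):
            raise CapabilityError(f"invalid name {name!r}")
        return FileCap(self._store, f"{self.prefix}/{name}", self.rights)


class Connection:
    """Stand-in for the HTTP connection the server opened for this request."""

    def __init__(self, request: str) -> None:
        self.request = request
        self.response = ""

    def write(self, text: str) -> None:
        self.response += text


def run_script(script: FileCap, log: FileCap, conn: Connection) -> None:
    """The scripting language: it receives three capabilities and nothing else.
    Toy language with one statement: a script reading "echo" replies with the
    request body; anything else is an error."""
    if script.read().strip() == "echo":
        conn.write(conn.request)
        log.append(f"ran {script.path} ok\n")
    else:
        conn.write("500 bad script")
        log.append(f"ran {script.path} error\n")


def trojaned_run_script(script: FileCap, log: FileCap, conn: Connection) -> list:
    """A compromised interpreter that tries to stash the request for later.
    It holds only a read cap on the script, an append cap on the log, and no
    cap at all on anything else, so each attempt is refused; returns why."""
    run_script(script, log, conn)
    refused = []
    for attempt in (lambda: script.append(conn.request), lambda: log.read()):
        try:
            attempt()
        except CapabilityError as exc:
            refused.append(str(exc))
    return refused


def web_server_handle(scripts: DirCap, logs: DirCap, name: str, request: str,
                      interpreter=run_script) -> Connection:
    """The server holds broad caps on its directories and delegates, per
    request, exactly what one script run needs."""
    script_cap = scripts.file(name).attenuate("read")        # read this script
    log_cap = logs.file("access.log").attenuate("append")    # append this log
    conn = Connection(request)
    interpreter(script_cap, log_cap, conn)
    return conn


def make_fixture():
    """Constructed sample filesystem plus the server's two broad capabilities."""
    store = {
        "/srv/www/scripts/hello.cgi": "echo\n",
        "/var/log/httpd/access.log": "",
        "/srv/secrets/db-password": "hunter2\n",   # never handed to any script
    }
    both = frozenset({"read", "append"})
    scripts = DirCap(store, "/srv/www/scripts", both)
    logs = DirCap(store, "/var/log/httpd", both)
    return store, scripts, logs
```

The point to notice is what the interpreter's signature does not contain: no store, no directory capability, no path. Whether `run_script` is honest or trojaned, the only files it can name are the two it was handed, and the rights on each were narrowed by the server before delegation. The secrets file exists in the same store and is simply unreachable.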