IEEE to Standardize OS Security Components
aster_ken writes "The Institute of Electrical and Electronic Engineers has started work on a standard for securing operating systems, as a recognition that software security is 'limited by the operating systems that underpin them', the organization said yesterday. The standard, dubbed IEEE P2200, will address external threats and intrinsic flaws arising from software design and engineering practices."
Microsoft creates own standards bureau
Deems Windows perfect, others not
That's just great, codify the security aspects of OSes into a $100 document that can't be freely redistributed. That's a really good idea...
They should just copy/paste linux & the bsd's file system properties and make something similar to SELinux's security mandatory.
/rant
oh.. and ban microsoft.
Awesome. Operating System design is one of the most underdeveloped fields of the industry and I believe that this is a step in the right direction towards the development of a mature, secure operating system for general use!
"I'm not buying windows! It's not certified!"
riiight
Such as how they did Kerberos to be incompatible with Unix implementation. What good is a security standard if that implementation is going to be "extended" by the biggest player?
Free Unix? Free Windows. http://www.reactos.com
another standard for M$ to break without giving a shit.
If the purpose is to bring people's awareness to fundamental flaws in MS Windows, it isn't going to work. Business, especially that which is connected to government, is like a little junkie. They know it's bad for them, but they just need another fix of XP, Office, Outlook, et al.
MS has no motivation whatsoever to change their model. Some external nuisance like IEEE isn't going to change how they do business.
Graham
Linux - Fast Pane Relief
The other is that at some point a system that adheres to the standard will be compromised and will raise questions as to the usefulness of this standard.
I don't question the need for standards, but not all things can be standardized. Standards stand for a commonly accepted way of doing something. Security is still too volatile.
Slashdot Sig. version 0.1alpha. Use at your own risk.
Never mind a secure OS, I think these electronic engineers sound like very useful devices. Is there a review of one anywhere? How much do they cost? Do they run Linux?
Thanks!
I was wanting to read the article but it was slashdotted.
Thanks again.
It'll take a lot of work to make windows secure!!
No operating system is completely secure anyway, there are always some 'undocumented features'.
So, did anyone else read the linked article and think "Looks like someone bought the IEEE's support of TCPA / Palladium"?
I hope not, but it certainly sounds that way. Basically, it makes the point that we cannot trust people not to run programs that break their own (or others) computers, so the task of limiting what (possibly malicious) code can run falls to the OS.
Sad. If I didn't have complete confidence that any DRM scheme will eventually prove itself flawed, I might actually worry. Though, I certainly do not look forward to the general inconvenience it would cause, regardless...
Only education (and not running Outlook) will help reduce the modern plague of worms, virii, spam, and other ways to generally make a computer and the internet grind to a crawl. Not legislation, and not crippled hardware. People simply need to learn how to secure their own damn machines.
Site is slashdotted.
IEEE P2200 will build on NIST and ISO Common Criteria documents, but will be an independent standard.
Anyways the IEEE has a track record of working on security-related standards including the popular P1363 (Standard Specifications for Public Key Cryptography) standard. P1363 defines standard implementations of public key crypto ciphers based on Integer Factorization, Discrete Log, Elliptic Curve, and Lattice algorithms.
I'll be waiting to see this P2200 come around.
It's true that some flaws in the OS are inherently design-based. However, even if we make certain design requirements to be incorporated in the OS, it still doesn't guarantee that the OS is secure. I would think that it even can't minimize the number of OS breaches. It would even hamper the OS development in order to comply with their standards.
About the quote regarding the "minimum expectations of consumers for security and general reliability by establishing a floor for these characteristics". I don't think it would be possible the goal of "the least restrictive requirement while not relenting the control" is vague. Unless it provides rigid post- or pre-conditions of each method (in first order logic if necessary) and provide each formal specifications unambiguously, I would still see some leaks here and there. And, guess what? They put the requirement like UML standards: Way too vague. Congratulations.
For those of you who are curious, click here for the draft.
--
Error 500: Internal sig error
I think it's time for all OS's to accept standards to help people interact with each other effectively and securely. As everyone knows MicroSoft has shunned many attempts at standards in order to control their market share by keeping their users pinned into MicroSoft sanctioned data. This has the effect of forcing businesses to support the MicroSoft users first and everyone second if at all.
I think a security standard should be enforced by a world body to help prevent MicroSoft from once again taking the standard and corrupting it to work only with Windows and .Net applications thus forcing the same cycle of users/companies designing to MS standards again thus shutting out the rest of us from secure systems.
Some would say standards hurt computing; that's not exactly the case. You can design products around standards and still compete with other standard compliant products. It allows everyone to remain compatible and at the same time darwinism will take effect with bad products going away and good products evolving to better suit their users.
It will address essential functions for cross-platform security, including identification and authentification, access control and key cryptographic concepts.
This is awesome fucking news...
It'll be interesting though, to see just how tangent to TCPA it will be...
Don't worry, 'brake' works in this context too.
Did you Read The Fucking Post? It's littered with trash. Fucking idiot.
Graham
Linux - Fast Pane Relief
if IEEE just redirected their new site here
Not really condemning of anyone in particular, but I doubt the big player of the PC world will take orders from anyone. They didn't for any of their software, why would they take standards for the core OS of everything? Microsoft seems to be its own standard, which is too bad.
SAILING MISHAP
One, the final standard spec will be loose enough that Windows will already be compliant, so it won't mean anything.
Two, the final standard spec will be Microsoft's Window-centric implementation of a secure system (existing windows systems may not be compliant, but future ones would be). No non-Windows system would be able to meet the standard without extensive licensing fees being paid to Microsoft to license the technologies needed.
Three, the final standard spec will be sensible, and Microsoft will ignore it. With the mainstream desktop environment paying no regard to the specification, the spec fails to acquire the widespread adoption necessary to become a real standard.
File under 'M' for 'Manic ranting'
It has no network adapter (modem or otherwise) and no input devices (as in all the ports ps/2 com et cetera have been melted shut or broken off). It has no hard drive, just rom, and it's in a chest rigged to explode somewhere at the bottom of the north atlantic! I extend an invite to all the hackers/crackers to try to bypass it!
--fetch daddy's blue fright wig, i must be handsome when i release my rage
Two, possibly different, Anonymous Cowards have said how good it was. Plus the original poster who might possibly be a completely different Anonymous Coward to the other two. So why would we listen to you, troll?
This is typical of so many kiddies these days: "I want everything for free, even if it's something I will never need/use/understand".
Many products that are the result of the work of many people - like cars, toasters, and yes, even documents - cost money to produce. Learn to recognize which items are worth the amount on the price tag, and purchase accordingly.
I want to drag this out as long as possible. Bring me my protractor.
All you need is an ARM, firmware in FLASH (so it can be upgraded when it is inevitably cracked), a PCI interface and the 10/100 guts - not substantially more than is already on a NIC, although admittedly much more than is on your $4 8139 based card. That would all fit into a chip (a small, low power chip at that), which means it could be incorporated into a laptop.
Why isn't there a more sophisticated watchdog in the motherboard chipset itself? With all those transistors there's no reason they couldn't dedicate an entire ARM or even a 386 core to the task. It doesn't have to prevent intrusions it just has to detect them and then activate some "doomsday" mechanism - like locking out the network port (which can also be on the motherboard chip, as it already is in many) or even just activating a hard reset. Through an on-board NIC it could do stateful packet analysis and it could keep a DENY list right in on-board FLASH.
I set a watchdog to monitor my connection through my firewall. If the outgoing data rate goes over a certain threshold (which would indicate an intrusion and someone mining data from my PC) then it simply hangs up the phone and rotates the autodialer to a different number. This capability requires a custom applet on my desktop and an external router.
Why? As cheap as silicon is these days this capability should be trivial to add right on the motherboard. It's not glamorous and it's not going to work in every case, but it's absolutely going to work in many of the most common cases - including substantially slowing the spread of virii, as an infected machine would instantly become trapped in a boot cycle or just knocked off the network. Yeah, that means every virus infection becomes a DDOS attack - but better for a few hundred machines to get knocked down than a few hundred thousand allowed to roam free for days or even months, eating up gigabytes of bandwidth with useless PING packets.
I wish more in the linux community didn't consider most of this technology such a flashpoint, because this is one area where the Open community has a real opportunity to make a substantial contribution and potentially drive platform design. If an open sourced core could be added to a motherboard chipset and would add only a couple of dollars, and that core would add substantial security to the platform, you have a feature that mom and dad understand and are willing to pay for.
Otherwise we just let Microsoft and AOL do it, and all it adds to the platform is a few bullets about the kneecaps.
Conform? They have *always* made it appear as though they conformed; if they really do is the question. But a "standard", a game that anyone may play, marginalizes them; that is what they will do anything to avoid.
ah yes Linux is the most secure os ever. And bzImages work with every bootloader too. (funny, yaboot doesn't seem to like them. I guess when your computer doesn't boot at all it's pretty secure).
Why not fork?
Do we need any standard but; "don't use any Microsoft products".
(ok, I realize they really talk about a broader view of security, couldn't resist though)
You know, saying all that stuff without even offering the vaguest idea of what your information source is only makes you sound like someone who's on a rant about something nobody wanted to argue about in the first place.
File under 'M' for 'Manic ranting'
Proof that moderators don't read the article. (Not like that was news...)
"a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems"
Too bad, it might have been useful for Non-Commercial Off The Net Software (NCONS) too. Ever get the feeling that someone has just been dying to use a new acronym?
Redhat, Mandrake, and many other vendors of linux are indeed general-purpose, commercial, off-the-shelf operating systems.
GPL'd web-based tradewars themed space game
Easily has to be one of the WORST sigs I've ever seen on Slashdot. It's so devoid of humor that even CmdrTaco doesn't think it's funny. Here's a quarter, son. Go buy yourself a new one.
This is a software, not hardware issue. The ACM would be a more appropriate oversight group for this.
Um, yes, perhaps.
Remember the reaction of the average American to an international standard is to denounce it as a communist plot, particularly if one of the European standards bodies takes an interest (or even ISO, which most Americans regard as European and therefore communist).
If you want an example of how well Americans make good use of international standards you just have to look at their mobile phone system ... and laugh or weep to taste. (I have this phone which works in 199 countries of the world and doesn't work in one, which is ... guess which? Likewise there's just one country in the world which uses strange paper sizes ... just one country which is so wedded to Imperial units that it crashes spacecraft in preference to following international standards ... and so on and so on ...)
Now, if most operating system manufacturers were European and Japanese this would be a good idea, because they'd be likely to follow any new international standard. But it happens to be a fact of life that many operating systems are produced or contributed to by Americans, so any such idea is dead in the water before it gets off the ground.
http://hiro-tan.org/~ekoontz/IsDying/
As long as there are people creating software, there will always be security bugs in the operating system. You just can't go over millions of lines of code and spot every bug that can result in a security breach - especially if two portions of code combined are the reason for the breach (those two pieces of code can be hundreds of thousands of lines of code apart). I predict that they'll certify an operating system secure... and then the next day a security alert will be announced for it. Microsoft has come a long way from their old operating systems - Windows Server 2003 is much more secure, but no operating system will ever be 100% secure as long as there are hackers out there to test every possible vulnerability... and the fact that there are administrators out there that may not secure the OS down and make stupid configuration errors.
"This standard will enable mass production of a class of operating systems that meet the minimum expectations of consumers for security and general reliability by establishing a floor for these characteristics."
This sure looks like it's about real security, not DRM.
Nice. Real mature. You're a disrespectful little shit.
Why? The name of the standard is too hard to say.
Go ahead, try it:
eye-triple-ee Pee two two zero zero : no good, takes too long, too repetitive, you might end up leaving off a zero.
eye-triple-ee Pee two two oh oh : no good, it's hard to say oh-oh without sounding like you're reaching climax, or sounding like a broken outboard motor
eye-triple-ee Pee twenty-two hundred : getting better but all those "T" and "P" sounds are juxtaposed, dragging your tongue over jagged mountain ranges of sound just for the minor respite of letting the back of the throat handle the "hu" sound, then it's back to work for "ndred". no good.
Compare with:
eye-triple-ee eight-oh-two dot eleven : now that's smooth, like taking a high-speed drive through the cool mountain air .. occasionally you have to make a sharp turn but the straight-aways are worth it.
it's all branding folks.
Thanks for reminding me this idiotic isolationism isn't a recent phenomenon. Realizing our long history of blundering idiocy is somehow comforting in these times of widespread malevolent idiocy...
...For Microsoft to bastardize from something that initially worked fine into something that won't be worth looking at by the time they're done with it.
There is only one satisfying way to boot a computer. -- J. H. Goldfuss
You just can't go over millions of lines of code and spot every bug that can result in a security breach
That's why really secure OSes don't have millions of lines of security-critical code.
Oh yeah... remember the RPC implementation that Microsoft chose for RPC? IEEE 666
People simply need to learn how to secure their own damn machines.
Most security holes are caused by implementation flaws in the software, not by the way the system is configured. Granted, a user can configure their machine to reduce the number of potential holes, but that doesn't change the fact that there are probably hundreds of exposed security holes on their machine.
If you want more secure systems, developers need to use better practices. The most common security hole is a buffer overflow. Users won't know it exists, and even if they did, most users aren't capable of fixing it. Responsibility for this type of hole falls squarely on the developers.
OpenBSD is well regarded as one of the most secure systems in the world. It was extensively audited, yet it still had a remote root exploit. And what type of exploit was it? A buffer overflow!
Buffer overflows should not happen in the first place. They happen because A) most code is written in C or C++, and B) everyone makes mistakes (even the finest open source developers overlook simple buffer overflows).
Microsoft is moving to languages with managed types. If they had been using managed types all along, the overwhelming majority of Microsoft security holes would have never happened.
Open Source developers, on the other hand, arrogantly believe that they are immune to mistakes. They somehow overlook the countless exploits discovered in their own code (more than 500 in Debian over the past 4 years).
It is time for open source to wake up and start using better tools and better practices.
IEEE is responsible for a LARGE number of the computer-related standards out there. They are not just "someone" that puts out a standard. IEEE is probably the largest organization of computer and electronic-related people anywhere.
Of course anybody can ignore a standard, but if the largest organization in the world in this industry goes one way, do you really want to go the other way?
Erioll
but how would that actually work? would the standard just say something like
The OS has to be unhackable, uncrackable, virus-proof, and if it doesn't comply it can't be used/sold/distributed? or The OS has to be somewhat -/-, etc?
When you get to OSes (ie servers) that have a heavy interaction layer with outside parties (ie the Internet), there are bound to be millions of lines of code in there. They can cause range from area-specific breaches (ie destroy contents on IIS) to operating-system wide breaches. Also, if the server is running at a high enough security level in the system, it alone can cause operating-system wide breaches. Most of the "critical fixes" Microsoft has put out have been for IE and their servers (Exchange, IIS, etc.), and not for the core OS itself (with the exception of the RPC vulnerability, which you can consider part of the core OS even though it runs as a service).
There are Millions of people in the "Open source community." A high percentage of them are experienced engineers (and some of them are even working!)
The point is we don't all need the skills to solder this stuff into our boxes - that would be the opposite of what I was talking about, in fact. What's needed is the core technology to be designed and then made available for manufacturers to incorporate into commodity products. That's how you make security an affordable option no matter what Microsoft thinks of it.
This is a slap in the face of Microsoft. But obviously Microsoft will be solicited for input.
Unfortunately, I see one (or both) of two things happening:
1) "This standard will enable mass production of a class of operating systems that meet the minimum expectations of consumers for security and general reliability by establishing a floor for these characteristics,"
MS will attempt to set the "floor" to be barely above its current standard for security and reliability.
2) Microsoft will drag the whole thing down some "Trusted Computing" DRM rathole.
Well, with lines like " just as they understand that homosexuality is fun," I believe it's the work of a bored fucktard and should therefore be modded down as either OffTopic or even Flamebait.
Any karma whore can make an AC request to "Mod Parent Up!". Idiots and non-article-reading morons should not be allowed to moderate.
I have something in common with Stephen Hawking...
No, it's just that this article was more interesting than the original.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
The penis, mightier than the sword!
-uso.
For $300 a day, I'm yours.
Wrong!
cd /usr/src/sys/arch/$ARCH/conf; config MYFILE; cd ../compile/MYFILE; make depend && make; cp /bsd /bsd_old; cp bsd /bsd
When this standard is in place and a company, say, microsoft, releases an operating system that they claim is secure but is not and does not follow the standard accepted for security by the rest of the industry, and its security fails as a result of this noncompliance, could microsoft then be sued for damages?
Hey, hey, hey, it's the big Master Control Program everyone's been talkin' about!
Won't that be grand? Computers and the programs will start thinking and the people will stop.
When you're on the other side of the screen, it all looks so easy.
End of line.
I can buy a linksys router with basic firewall functionality for $50. I can buy a NIC for $5. That's one helluva jump in price to get less functionality in a low profile case. So what if it says 3com on the box? My whole point is that this stuff doesn't need to be proprietary or expensive - it is only because there's no standard to commoditize the functionality.
"Informative" or "Interesting"
The living have better things to do than to continue hating the dead.
This could be good news - if it's a bit more fine-grained than the pre-existing NSA B3, B2, etc. classification which is great for "their" kind of computer needs, but rather too rigorous for everyday computing needs - to get A1 I recall a system has to be mathematically proven to be uncrackable. I'm not sure where it would leave the free distros, especially with upgrades put out the whole time; maybe they'd have to specify a core system to be classified (or face massive expense with every update...)
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
That is a very good point, although my answer is the same: the best design approach is to separate applications into security-critical and non-security-critical parts, and minimize the size of the security-critical code. Luckily some people are already doing this.
It's about time a disinterested body tries to set some standards for software development. In hardware design, this has long been the case. No one invests millions in developing chips without following some generally agreed standards to allow it to operate with other hardware components. In the software industry however, there seem to be no standards boards. Instead, developers, whether they are Unix, Windows, MacOS, etc., create their own standards, and expect everyone else to follow them, or even worse, refuse to even publish the standards. Standards should be agreed on by all interested parties before products following the standards are released.
Vote for Pedro
Remember that Windows was much-touted as being compliant with some fancy security specs some time back... I forget the name of the spec, but basically only Windows NT 3.5x qualified, and only when it wasn't plugged into a network. Apparently, this security spec was a big thing, and MSites on and off SlashDot were frequently citing it as proof of NT's readiness to play with the "big boys" in the server room.
Common Criteria might be the spec I'm thinking of... or maybe it was something else. In any case...
People will find ways to legally say "Yes, our products meet these specs", when in reality only one iteration of the product, under highly restrictive conditions, possibly with parts of the default install removed completely, meet it. They will tell you "Yes, Windows 2005 meets $SECURITY_SPEC", but they WON'T tell you that it only meets it when you remove the browser, the GUI, half of the filesystem compatibility DLLs, and leave the machine sealed inside a bank vault unplugged and not on the network.
Just like any other spec, it will become a useless buzzword, and only managers and government drones will care much about it.
Does anyone really care how many security standards Windows meets? It's still not secure.
Honey, I shrunk the Cygwin
I don't use a PC, so I've largely ignored Blaster and the other recent viruses/worms/&c, but aren't at least some of them down to Outlook and other insecure apps? If every OS suddenly became 100% secure (if such a thing existed) tomorrow, how many problems would remain?
Ceterum censeo subscriptionem esse delendam.
A BIOS is essentially firmware. Many BIOSes check the master boot record to make sure it hasn't been changed, potentially by a virus.
Win2k server got EAL4+ based on the Common Criteria ISO standard. Hmm. That kind of makes me think the Common Criteria assurance levels don't really mean anything, and they exist solely for PHBs.
My sig can beat up your sig.
When trolls become mods, every post becomes a troll...
The so called prophets *might* have it wrong:
KJV translation:
6 with Base 100 (six-hundred)
3 with Base 20 (three-score)
1 with Base 6 ("and one" six)
O.K., so what the heck do you do with the
Octal and Hex dumps from the scriptures?
(Score +1, Insightful)
Actually it sounded more like SELinux to me. Isn't that what SELinux is all about? Partitioning the system and protecting one application from another?
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
More times than I care to recall, a decision has had to be made between the right way and the fast way. The fast way almost always wins, even if it is fragile and error-prone.
Is the computing community willing to give more than lip service to security and reliability? Past history says no.
Mea navis aericumbens anguillis abundat
You have to trust something. That which is trusted has to operate in a way that if it were made to do the wrong things, it would do the wrong things. Trust is the belief that it is not going to do the wrong things. That which is not trusted has to be operated in a way that restricts its ability to do wrong things. But you cannot operate everything in the restrictive way because you have to trust the very mechanisms of restriction itself. And that generally means the kernel of the operating system, and the most of the hardware, have to be trusted to do the right things.
But the biggest issue is how do you establish that trust? Are you going to personally inspect every line of source code, and understand what it does? Are you going to inspect the engineering of the CPU and associated hardware that can influence how the CPU operates? Because we generally cannot do this on things as complex as computers or software, we have to establish trust by some proxy. If we know someone, and trust them, who has done all that, then we might trust the system. But there really isn't likely to be very many people around who can do that, and perhaps none at all. So somehow we have to aggregate that trust proxy, and conclude on the basis of some combination of information, that something is trustable. But this isn't genuine trust. We cannot be certain that something is truly trustworthy just because someone says it is, or that a combination of others say it is.
Ultimately, we have to accept, and learn to deal with, the fact that trust is imperfect. We have to trust not that something cannot do the wrong thing, but that it is highly unlikely to do the wrong thing, and have contingency plans to be able to deal with it doing the wrong thing, which includes knowing that it did the wrong thing (it might try to hide that fact from you). The level we have to use to establish that trust will thus depend on the real and potential costs of the contingency (such as cleaning up the mess it leaves behind, restoring data, etc).
In order to reduce your contingency costs, you have to establish a greater criteria of trust. But the trust has a cost as well (for example hiring several computer scientists to inspect and analyze the code, as well as performing background checks on them to make sure they have no other motives, and even this has costs). It's all a balancing act. And where the optimal balance is will depend on many factors. As your contingency costs increase (a military has very high contingency costs, as it could mean losing to an opponent), your level of trust establishment needs to increase as well.
A standard for security has to address the fact that trust is imperfect, and that different entities will have different contingency costs. So it has to be flexible over a wide range of optimal levels of trust. If it is too rigid, it cannot be universally adopted, and will end up not being in common use (though it might find a niche use in areas matching its trust metrics). Those who are developing such a standard will at the very least need to state up front what the goal is. Is this something they expect to be usable in both a military high command setting, and in a casual home user setting? Unfortunately, I see none of this in the base document at the BOSS working group site.
now we need to go OSS in diesel cars
You're basically right, but for the wrong reason. The real reason is that we can't agree on what "security" means. Some things can't be made secure because, under some reasonable definitions of "secure", you'd have to disable the security for the system to function at all.
My favorite example is a definition that I ran across a while ago. A "secure" system was defined as one in which an unauthorized user couldn't get access to any files and copy the data to another computer.
Now this probably sounds like a very reasonable definition, and in a lot of cases, it is. But just recently we had an interesting story here that reminded me of that definition. It was the story about the survey that purported to show that twice as many linux-based web servers as windows-based servers had been successfully "hacked".
When I read the claimed numbers, one thing that I noticed was that they were almost exactly the same as the Netcraft numbers on apache and IIS web servers, which of course mostly run on linux and windows respectively. This made me wonder what their definition of a "secure" server might be.
Then it occurred to me: They were using the above definition. A "hacked" server was one that gave up files to unauthorized users! If you have connected to a web server without authorization from the server's owner, and got back any web page, you have just successfully broken into that server and made off with data.
By this definition, of course, all web servers that work at all are totally insecure, since their fundamental task is to hand out files to all users. And to make a web server secure by this definition means that you must shut it down totally.
Now, this may sound facetious to some. But I can assure you that people do write such definitions and take them seriously. Without a good deal of thought, any committee's definition of "security" is likely to be as bad, and will outlaw many of the things that you want your own computer to do.
In this case, it is possible to revise the definition so that it works for web servers. But it takes a bit more thought. The resulting definition will be quite a bit more complex, and will be phrased subtly. You might want to try writing the definition, and then apply it to various things you do on the Net to see whether it will block you. You might be surprised at how difficult it is to get it right.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Cheaper and easier doesn't mean better and more effective.
The first step to solving the OS security problem, IMNSHO, is to build the OS in a real high-level language, instead of a portable assembly language. (Who was it that said that C combines the power and flexibility of assembly language with the ease of use and maintainability of assembly language?)
There are many languages that are much better suited for software engineering. A partial list might contain Ada, Eiffel, Java, Modula 3, Oberon, Sather, Scheme, Self, and Smalltalk. I'm sure there are plenty of other reasonable languages.
There may be some portions of the OS that need to bypass normal type and bounds checking, but these should be few and far between. Most of the languages I've listed above provide facilities for this, but they require you to explicitly declare that you're doing it, rather than making it the default behavior as in C and C++.
I'm guessing that the standard is Windows-specific. Current versions of Windows might lack a few things, but MS will have no problem changing those details.
All UNIX/POSIX, VMS, OS/390 (Is that the latest name for IBM's mainframe OS?), and so on systems will find the standard irrelevant to their way of designing. In other words, both unimplementable without breaking backwards compatibility, and irrelevant to (and in many cases lesser than) the security system already in place.
My favorite example is a definition that I ran across a while ago. A "secure" system was defined as one in which an unauthorized user couldn't get access to any files and copy the data to another computer.
(emphasis mine)
[...snip...]
By this definition, of course, all web servers that work at all are totally insecure, since their fundamental task is to hand out files to all users.
Nope. In this case, those users are authorized (as anonymous) for those files. So the definition still stands.
No sig
I think this statement is slightly flawed. It's not "as long as there are hackers", it's there will always be hackers. There always were, and always will be, hackers. Script kiddies are stupid, hackers are not. That is the lesson Microsoft and all companies have to learn. It's not a matter of if or will they. It's always a matter of when and how.
At first glance, I mis-parsed the title of the article as "IEEE to Standardize OS Security Compromises"
-- If you try to fail and succeed, which have you done? - Uli's moose
Why go to all that trouble?
cd /usr/src; make kernel KERNCONF=MYFILE
Why would it even be electrical engineers' responsibility to come up with the standard? I thought the so-called "software engineers" should be the ones responsible - if software engineers are actually engineers; but that's another story.
I wonder why it is a good idea to standardize systems with respect to security.
If we have a look at the virus and worm problems that we were encountering during the last months, it should be pretty obvious that homogeneous systems are more vulnerable in some way than heterogeneous ones. This is a fact which can be learned from biology.
Considering this, it is questionable if the crucial parts of an operating system should behave in a standardized way.
TCSEC was the spec, and yes, Windows NT met it only at some low level and then only when not plugged into a network.
But there is an OS that did meet the spec, and a higher spec at that, that was repeatedly OK'ed when connected to a network, in fact multiple networks of different levels. DigitalNet's STOP.
BTW, STOP in its newest version is currently being evaluated under the Common Criteria at the highest level ever attempted for a general purpose OS. http://www.entrust.com/entrustcygnacom/labs/pfSEL
Well, with lines like " just as they understand that homosexuality is fun," I believe it's the work of a bored fucktard
Homophobe.
Microsoft mis-read what Open Systems was all about.
My Phone is a tri-band
Exactly. It's ludicrous that the rest of the world has to go out and buy different phones that are not needed anywhere else just because the USA won't follow standards. Cheaper dual band phones cope with the whole of the rest of the world just fine.
The fact that the different more expensive phone needed in the USA happens to use the same protocols but in a different waveband, rather than a completely different protocol, is only of interest to nerds; what ordinary punters know is they've got to buy a different phone because normal phones that work in the rest of the world don't work in the USA.
gave you WEP for 802.11b...
Remember, standards are usually *compromises* between several factions - most of whom have better, albeit *proprietary* solutions.