Dan Kaminsky <d...@doxpara.com> writes:

> Security is at least partially composable. For example the very concept of
> attack vector analysis (by far the most important but surprisingly least
> understood predictor of real world exploitability) requires knowing what's
> reachable by what. Many bugs can only be reached if you're already root,
> in which case they create no security differential. Many other bugs are
> vastly more serious because they do not have a known secure component
> gating access to them, for example the recent route from email to Flash
> (and Packager) via winmail.dat.
>
> There are interesting cross layer issues but they're more of an exception;
> in general we close off more bugs than we open nesting security
> layers.

Nevertheless, systems become quite complex as people add layer upon layer, which can invalidate assumptions about the security of single layers. For example: Double encryption with groups, confused deputies.

>
> On Friday, January 8, 2016, <d...@geer.org> wrote:
>
>> So far as I know, security is not composable, which is to say
>> that there is no reason to expect that the connection of N>1
>> known-secure components is itself secure in the aggregate.
>>
>> But as an honest question, could or would the broad deployment
>> of LANGSEC diligence help with that problem of composability?
>> My intuition is "yes, it could or would help" but it is only
>> intuition, not a deduction.
>>
>> Were it possible to persuasively show that diligent LANGSEC
>> work would help with composability, then the demand for that
>> diligence might grow quite strong.
>>
>> Thinking out loud,
>>
>> --dan
>>
>> _______________________________________________
>> langsec-discuss mailing list
>> langsec-discuss@mail.langsec.org
>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss

--
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>