On Thu, 19 May 2011 10:23:47 -0700, geremy condra <debat...@gmail.com> wrote:
: Let me get this straight: your argument is that operating *systems*
: aren't systems?

You referred to the kernel and not the system. The complexities of
the two are hardly comparable.

There probably are different uses of system; in computer security
literature¹ it often refers, not only to a product (hardware/software)
but to an actual installation and configuration of that product in a
specific context. /I/ did not redefine it.

Speaking of reasonable assumptions, one necessary assumption which is
particularly dodgy is that whoever deploys and configures it
understands all the assumptions and does not break them through
ignorance.

Is your concern with security purely from a developer's viewpoint,
so that you don't have to worry about the context in which it will
be deployed?

: > So what? The levels of assurance have nothing to do with standards.
: > The levels of assurance refer to the /confidence/ you can have that
: > the standards are met.
:
: The increasing levels of assurance don't just signify that you've
: checked for problems- it certifies that you don't have them, at least
: insofar as that level of testing is able to find. Insisting that this
: doesn't, or shouldn't, translate into tighter security doesn't make
: much sense.

Tighter, sure, but the security requirements and the requirement on
testing and/or validation are orthogonal scales. The higher levels
of assurance are based on formal methods while the lower ones are
based primarily on testing.

I read your initial comment to imply that if you cannot get
satisfactory assurance using the lower levels, you won't get any
at the higher levels. That does not make any sense.

Obviously, if you were implying that no system passes the lower
levels, then of course they won't pass the higher levels, but then,
if that's the case, we would all know that we cannot even design
/seemingly/ secure systems. And nobody has suggested that so far.

¹ e.g. Dieter Gollmann for just one ref off the top of my head.

--
:-- Hans Georg