It be difficult to determine a priori the settings for all the access control
lists and other security parameters that one must establish for CAS to work.
Perhaps a software assist would work according to the following scenario. Run
the program in the environment in which it will actually be used. Assume
minimal permissions. Each time the program would fail due to violation of some
permission, notate the event and plow on. Assuming this is repeated for every
use case, the resulting reports would be a very good guide to how CAS settings
should be established for production. Of course, everytime the program is
changed in any way, the process would have to be repeated.
MARK ROCKMAN
MDRSESCO LLC
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________