It can be difficult to determine a priori the settings for all the access control 
lists and other security parameters that one must establish for CAS to work.  
Perhaps a software assist would work according to the following scenario.  Run 
the program in the environment in which it will actually be used.  Assume 
minimal permissions.  Each time the program would fail due to violation of some 
permission, notate the event and plow on.  Assuming this is repeated for every 
use case, the resulting reports would be a very good guide to how CAS settings 
should be established for production.  Of course, every time the program is 
changed in any way, the process would have to be repeated.

MARK ROCKMAN
MDRSESCO LLC
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
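
The learning-mode scenario described in the message above, sketched as an added example that is not part of the original post and does not use the .NET CAS API. It is a language-neutral model: the `AuditPolicy` class, the permission labels, the paths and the two use cases are all constructed for illustration.

```python
from collections import defaultdict

class AuditPolicy:
    """Learning-mode policy: records denied demands instead of raising."""

    def __init__(self, granted=()):
        self.granted = set(granted)          # (permission, resource) pairs
        self.violations = defaultdict(set)   # use case -> denied pairs
        self.use_case = None

    def demand(self, permission, resource):
        """Return True if granted; otherwise note the event and plow on."""
        key = (permission, resource)
        if key in self.granted:
            return True
        self.violations[self.use_case].add(key)
        return False

    def run(self, name, func):
        """Run one use case under audit, attributing violations to it."""
        self.use_case = name
        try:
            func(self)
        finally:
            self.use_case = None

    def proposed_grants(self):
        """Union of everything any use case needed but did not have."""
        needed = set()
        for denied in self.violations.values():
            needed |= denied
        return sorted(needed)

# Constructed use cases standing in for the real program's code paths.
def export_report(policy):
    policy.demand("FileIO.Read", "/data/input.csv")
    policy.demand("FileIO.Write", "/data/report.txt")

def check_updates(policy):
    policy.demand("FileIO.Read", "/data/input.csv")
    policy.demand("Web.Connect", "https://updates.example.invalid")

def audit_all():
    """Start from minimal permissions and replay every use case."""
    policy = AuditPolicy(granted={("FileIO.Read", "/data/input.csv")})
    policy.run("export_report", export_report)
    policy.run("check_updates", check_updates)
    return policy

if __name__ == "__main__":
    for perm, res in audit_all().proposed_grants():
        print(f"grant {perm} on {res}")
```

The proposed grant set only covers code paths that the replayed use cases actually exercised, so a path that was never run contributes nothing to the report.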
