Reference monitors were a lovely concept, largely invented for multilevel
security kernels and trusted computing bases, but are almost nonexistent
in that context. Yes, they'd be lovely to have, but even the NSA folks
seem to have abandoned them...
___
And don't forget the entire run-time environment in which the python code runs.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at -
You should look at Ka-Ping Yee's PhD thesis: http://pvote.org
and the Pvote Software Review Assurance Document, Apr 3 2007.
Google finds it quickly.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc -
... and of course Multics solved the Y2K problem in 1965,
deferring the overflow for many additional decades.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List
And don't forget the Paul Karger paper from Oakland, which applies access
controls to executables and effectively provides implementations for
Saltzer-Schroeder's least privilege and more:
@InProceedings{Karger87,
Key=Karger, Author=P.A. Karger,
Title=Limiting the Damage Potential of
Searching through
http://www.csl.sri.com/neumann/illustrative.html
gives these COBOL-related RISKS items. The initial
character descriptors are defined there. In the citations,
* R relates to RISKS (archives at risks.org)
* S relates to SIGSOFT Software Engineering Notes (archives at
Gary, If you think security is a funny topic, try this one:
http://haha.nu/funny/funny-math/
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter
Nice discussion.
It arose years ago when software development managers typically had
NO experience in software development, but were thought to be good
managers. Many disasters ensued. The other side of the coin is that
good developers are often TERRIBLE managers. I once wrote
Psychosocial
Der Mouse is barking up the right rathole.
*** BEGIN SOAPBOX ***
Having cut my security eye-teeth in Multics from 1965 to 1969, I am
continually drawn back into discussions of what Multics did right that
has been systematically (!) ignored by almost all subsequent operating
systems. For the
Matt,
You will find lots of references that might appeal to your
needs in an emerging DARPA report on my web site:
http://www.csl.sri.com/neumann/chats4.pdf
There's an appendix by Virgil Gligor that might be very
helpful to you, which does not yet appear in the html
(but will as soon as I move
Gee, Some of us have been saying that for 40 years.
11 matches
Mail list logo