Re: [SC-L] ACL (access control lists) generic design questions

2004-02-27 Thread Glenn and Mary Everhart
William Herrera wrote:
I think some here might have suggestions about improvements to existing 

I'm working on an extensible access-control-list style authorization 
system, beyond the usual read/write authorization schemes, probably to 
be written as a Perl module for CGI use and using a database on the back 
end. This is designed to allow fine control over the use of data and 
other objects by a given user. Right now it mainly uses 
read/append/edit/delete modes, since in its present alpha form it has a 
well defined groupware use, but I intend to make it more flexible than 
that, generic enough to be used as a general-purpose open source perl 
object authorization module.

In doing so, I'd like to define modes of access beyond the ones allowed 
by Unix and Windows ACL's. These, so far, include:

list object (see the object in a ls or dir listing)

read or view object

append (simple data) to object

add link (to another object) within the object

edit (change existing object's data or structure)

delete object

undelete or roll back object to a prior state

administer (change object's authorizations or modes)

ownership (to be the creator of the object or equivalent)

Does anyone know of an access control type they've wanted in an access
control list but not had?
How about access by a process with too much privilege?
Also it would be handy to be able to control access in some ways
directly by integrity level. Initially it is I think sufficient to
be able to hand designate low integrity programs, but there needs
to be a system to propagate this state to objects that have been
accessed by, or perhaps altered by, a low integrity program. I
worked up some code that implemented such a number of years back, but
have not experimented in the area for some time. The point of this is
to deal with mobile code where the mobile code really should not be
treated as acting as a human user's agent.
It is probably worth mentioning that some of the old MLS operating systems
that were too slow back in the, say, late 70s, may be just fine now, with
machines that run ~1000 times faster, and getting faster still. What was
a little too slow to use on a pdp11 would probably look blazingly fast on
most any contemporary processor. Same might be true for good old Multics
if it can be compiled on newer iron. (I didn't get close enough to it to
know what it was written in. Maybe someone will comment.)

RE: [SC-L] Any software security news from the RSA conference?

2004-02-27 Thread Dave Paris

What John Gordon is doing giving a keynote at the RSA conference is utterly
and completely beyond my ability to comprehend.  If you read his bio at the
link above, you'll find he has absolutely zero background in software or
computer systems.  He's obviously a smart cookie (ex-physicist at Air Force
Weapons Lab, a stint at Sandia, etc) but he's not in any position to
authoritatively say jack sqat about software vulnerabilities - unless
there's something I'm not reading about his background.

I love his perspective though .. Sure John, it's the DEVELOPERS fault that
MANAGEMENT makes the promises and DEMANDS product be shipped two weeks
before it's even spec'd.  God, I sure do wish I had though of just spending
more time debugging when the CEO was screaming at me.. either you ship *IT*
or I ship *YOU*.  This also tells me he's completely unfamiliar with the
concept of offshore outsourcing.  psss.. hey, John .. A LOT OF THE CODE'S

I'm glad I didn't go .. I would have felt cheated out of my admission fee by
hearing the blathering of someone like this.

Kind Regards (and in somewhat of a cranky mood),

 -Original Message-
 Behalf Of Mark Curphey
 Sent: Thursday, February 26, 2004 7:33 PM
 Subject: Re: [SC-L] Any software security news from the RSA conference?

 Looks like the link I was pointing to didn't make it

 Here it is again,39020375,39147413,00.htm

 And the text below

 Software makers could eliminate most current security issues if
 they only tried harder, according to a Homeland Security advisor

 An advisor to the US' Homeland Security Council has lashed out at
 software developers, arguing their failure to deliver secure code
 is responsible for most security threats.

 Retired lieutenant general John Gordon, presidential assistant
 and advisor to the Homeland Security Council, used his keynote
 address at the RSA Security conference in San Francisco on
 Wednesday to question how much effort developers are putting into
 ensuring their code is watertight. This is a problem for every
 company that writes software. It cannot be beyond our ability to
 learn how to write and distribute software with much higher
 standards of care and much reduced rate of errors and much
 reduced set of vulnerabilities, he said.

 Gordon's keynote followed a day after that of Microsoft chairman
 Bill Gates.

 According to Gordon, if developers could reduce the error and
 vulnerability rate by a factor of 10, it would probably
 eliminate something like 90 percent of the current security
 threats and vulnerabilities.

 Once we start writing and deploying secure code, every other
 problem in cybersecurity is fundamentally more manageable as we
 close off possible points of attack, he said.

 Gordon also criticised wireless network manufacturers for making
 encryption too difficult to deploy, even for technically
 competent users. He made the comments after explaining that he
 had spent a long weekend trying to set up a Wi-Fi network at his house.

 One manufacturer got to invest an entire man-day of tech support
 and about eight hours of telephone charges. At the end of the
 day, I still had not accomplished a successful installation,
 said Gordon, who eventually managed to get the network running by
 taking some steps that were not in the documentation.

 However, he said the documentation didn't make it clear how to
 secure his network: The industry needs to make it easy for users
 like me -- who are reasonably technically competent -- to employ
 solid security features and not make it so tempting to simply
 ignore security.

  Mark Curphey [EMAIL PROTECTED] wrote:
  I thought this was interesting. I missed it but I am sure the
 message will
  please many on this list (myself included)
   Bill Cheswick [EMAIL PROTECTED] wrote:
   Bill Gates gave a keynote on their current approach to security, and
   the contents of SP2, due out 1H 2004.  From what I heard, Bill
   gets it.  He addressed about 4 of my top 6 complaints and
   Quite a change from the rhetoric of five years ago.
   But it is an Augean stable, and they have a long way to go.
   Of course, the devil is in the details, and we will have to see.
   On Wed, Feb 25, 2004 at 02:38:32PM -0500, Kenneth R. van Wyk wrote:
It's been a rather quiet week so far here on SC-L.  I guess
 that everyone
is either at the RSA conference ( or
otherwise too busy.  I've been watching some of the reports
 that have been
appearing in the trade press regarding announcements and
 such at the RSA
   Most of the announcements seem to me to focus on new and upcoming