Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Peter G. Neumann
Reference monitors were a lovely concept, largely invented for multilevel
security kernels and trusted computing bases, but are almost nonexistent
in that context.  Yes, they'd be lovely to have, but even the NSA folks
seem to have abandoned them...
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___


Re: [SC-L] has any one completed a python security code review`

2010-04-09 Thread Peter G. Neumann
And don't forget the entire run-time environment in which the python code runs.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___


Re: [SC-L] has any one completed a python security code review`

2010-04-06 Thread Peter G. Neumann
You should look at Ka-Ping Yee's PhD thesis:  http://pvote.org
and the Pvote Software Review Assurance Document, Apr 3 2007.
Google finds it quickly.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___


Re: [SC-L] 2010 bug hits millions of Germans | World news | The Guardian

2010-01-08 Thread Peter G. Neumann
... and of course Multics solved the Y2K problem in 1965,
deferring the overflow for many additional decades.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] Unclassified NSA document on .NET 2.0 Framework Security

2008-11-25 Thread Peter G. Neumann
And don't forget the Paul Karger paper from Oakland, which applies access
controls to executables and effectively provides implementations for
Saltzer-Schroeder's least privilege and more:

@InProceedings{Karger87, 
Key=Karger, Author=P.A. Karger, 
Title=Limiting the Damage Potential of Discretionary {T}rojan Horses, 
BookTitle=Proceedings of the 1987 Symposium on Security and Privacy, 
Organization=IEEE Computer Society,
Address=Oakland, California, Year=1987, Month=April, pages=32--37}

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] COBOL Exploits

2007-11-02 Thread Peter G. Neumann
Searching through 
  http://www.csl.sri.com/neumann/illustrative.html
gives these COBOL-related RISKS items.  The initial 
character descriptors are defined there.  In the citations,

* R relates to RISKS (archives at risks.org)
* S relates to SIGSOFT Software Engineering Notes (archives at
www.sigsoft.org/SEN/ although more recent items also in RISKS)

Vf  West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3, R 11 30)

\$fe IRS COBOL reprogramming delays; interest paid on over 1,150,000 refunds 
  (S 10 3:12)

S[H?] Election frauds, lawsuits, spaghetti code, same memory locations
used for multiple races simultaneously, undocumented GOTOs, COBOL
ALTER verb allowing self-modifying code, calls to undocumented/unknown
subroutines, bypassable audit trails (S 11 3); 
Report from the Computerized Voting Symposium, August 1986 (S 11 5)

Sie
Data transfer Excel-COBOL loses voter data in 2003 Greenville
  Mississippi election (R 22 95)

\$hi Man gets \$218 trillion phone bill (R 24 24); COBOL program? 
  (R 24 27,29,30,33)

f Discussion of date and century roll-over problems:
Fujitsu SRS-1050 ISDN display phones fail on two-digit month (10);
1401 one-character year field; COBOL improvements; IBM 360 (S 20 2:13)
  [See Fred Ballard and Walt Murray  (R 16 70 ff).]
  [Lots of stuff is relevant on COBOL's two-character year field
  and the entire Y2K saga.]
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] How can we stop the spreading insecure coding examples at training classes, etc.?

2006-08-28 Thread Peter G. Neumann
 But my question is, is that enough? 

Of course not.  It's nowhere near enough.  
Of course, there is NEVER ENOUGH in this business.
But what you are suggesting is still very far from 
what might be thought of as enough under the circumstances.

PGN

___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Peter G. Neumann
Gary, If you think security is a funny topic, try this one:

  http://haha.nu/funny/funny-math/
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


Re: [SC-L] Hiring folks that are familar with SC practices

2006-06-05 Thread Peter G. Neumann
Nice discussion.
It arose years ago when software development managers typically had
NO experience in software development, but were thought to be good
managers.  Many disasters ensued.  The other side of the coin is that
good developers are often TERRIBLE managers.  I once wrote 
  Psychosocial Implications of Computer Software Development and Use:
  Zen and the Art of Computing
in Theory and Practice of Software Technolgoy
D. Ferrari, M. Bolognani, and J. Goguen (editors),
North-Holland, 1983, pages 221-232.
An earlier version appeared in Software Engineering Notes, and Will
Tracz may even have that online by now.

The bottom line is that you need people with well developed and 
coordinated LEFT- and RIGHT-brained abilities innately.  Interviewing
someone to be a system-oriented developer is very difficult unless
the interviewer has deep knowledge of system-oriented development.

Read my DARPA CHATS report on Principled Assuredly Trustworthy
Composable Architectures.  Your interviewers should have read and
understood the essence of that report before being trusted to select
good applicants.
  http://www.csl.sri.com/neumann/chats4.html or pdf or ps

Good luck!  P
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


Re: [SC-L] Managed Code and Runtime Environments - Another layer of added security?

2006-03-29 Thread Peter G. Neumann
Der Mouse is barking up the right rathole.

*** BEGIN SOAPBOX ***

Having cut my security eye-teeth in Multics from 1965 to 1969, I am
continually drawn back into discussions of what Multics did right that
has been systematically (!) ignored by almost all subsequent operating
systems.  For the younger folks among the SC-L audience, let me mention
a few of the architectural strengths.  There were no buffer overflows in
the stack, because anything out of the stack frame was not executable.
The ring-structured domain architecture and file system access controls
permitted straightforward sandboxing.  Dynamic linking and revocation
were fundamental.  Segmentation and paging enabled layers of virtual
machines and protected virtual memory.  The I/O system had virtual
stream names, virtual I/O, and common device-driver software where
appropriate, coupled with separate hardware for the input-output
controller (GIOC).  The programming language was the stark EPL subset of
PL/I and the corresponding McIlroy-Morris EPL compiler, which seems to
have avoided some of the characteristic programming errors that are
still common today.  No software was written until there was an approved
specification, with well defined interfaces and exception conditions
that were explicitly characterized in EPL.  And so on into a visionary
sense of a future that has been largely lost for may perceived reasons,
some of which are bogus, some of which are just seriously short-sighted.

*** END SOAPBOX ***

I'm sure this message may generate all sorts of Ifs and Ands and Buts.
But the Butt we are kicking is our own.

Cheers!  PGN
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


Re: [SC-L] Top security papers

2004-08-09 Thread Peter G. Neumann
Matt,
You will find lots of references that might appeal to your 
needs in an emerging DARPA report on my web site:
  http://www.csl.sri.com/neumann/chats4.pdf
There's an appendix by Virgil Gligor that might be very
helpful to you, which does not yet appear in the html
(but will as soon as I move the .eps files to .gif...)
But start with the principles, e.g., 
  Saltzer and Schroeder 1975
And don't try to look at security as an isolated problem --
it is an overall system problem, and there are lots of papers
on software decomposition, composability, modularity, etc. 
that are fundamental to security.
You might also try Matt Bishop's book, with lots of references.

PGN




Re: [SC-L] ACM Queue article and security education

2004-06-30 Thread Peter G. Neumann
Gee, Some of us have been saying that for 40 years.