Re: [SC-L] [External] Re: SearchSecurity: Dynamism
Reference monitors were a lovely concept, largely invented for multilevel security kernels and trusted computing bases, but are almost nonexistent in that context. Yes, they'd be lovely to have, but even the NSA folks seem to have abandoned them...
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___
Re: [SC-L] has anyone completed a Python security code review
And don't forget the entire run-time environment in which the Python code runs.
Re: [SC-L] has anyone completed a Python security code review
You should look at Ka-Ping Yee's PhD thesis: http://pvote.org and the Pvote Software Review Assurance Document, Apr 3 2007. Google finds it quickly.
Re: [SC-L] 2010 bug hits millions of Germans | World news | The Guardian
... and of course Multics solved the Y2K problem in 1965, deferring the overflow for many additional decades.
Re: [SC-L] Unclassified NSA document on .NET 2.0 Framework Security
And don't forget the Paul Karger paper from Oakland, which applies access controls to executables and effectively provides implementations for Saltzer-Schroeder's least privilege and more:

@InProceedings{Karger87,
  Key = {Karger},
  Author = {P.A. Karger},
  Title = {Limiting the Damage Potential of Discretionary {T}rojan Horses},
  BookTitle = {Proceedings of the 1987 Symposium on Security and Privacy},
  Organization = {IEEE Computer Society},
  Address = {Oakland, California},
  Year = 1987,
  Month = April,
  pages = {32--37}
}
Re: [SC-L] COBOL Exploits
Searching through http://www.csl.sri.com/neumann/illustrative.html gives these COBOL-related RISKS items. The initial character descriptors are defined there. In the citations,
* R relates to RISKS (archives at risks.org)
* S relates to SIGSOFT Software Engineering Notes (archives at www.sigsoft.org/SEN/ although more recent items also in RISKS)

Vf West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3, R 11 30)
$fe IRS COBOL reprogramming delays; interest paid on over 1,150,000 refunds (S 10 3:12)
S[H?] Election frauds, lawsuits, spaghetti code, same memory locations used for multiple races simultaneously, undocumented GOTOs, COBOL ALTER verb allowing self-modifying code, calls to undocumented/unknown subroutines, bypassable audit trails (S 11 3); Report from the Computerized Voting Symposium, August 1986 (S 11 5)
Sie Data transfer Excel-COBOL loses voter data in 2003 Greenville Mississippi election (R 22 95)
$hi Man gets $218 trillion phone bill (R 24 24); COBOL program? (R 24 27,29,30,33)
f Discussion of date and century roll-over problems: Fujitsu SRS-1050 ISDN display phones fail on two-digit month (10); 1401 one-character year field; COBOL improvements; IBM 360 (S 20 2:13) [See Fred Ballard and Walt Murray (R 16 70 ff).]

[Lots of stuff is relevant on COBOL's two-character year field and the entire Y2K saga.]
Re: [SC-L] How can we stop the spreading insecure coding examples at training classes, etc.?
But my question is, is that enough? Of course not. It's nowhere near enough. Of course, there is NEVER ENOUGH in this business. But what you are suggesting is still very far from what might be thought of as enough under the circumstances. PGN
Re: [SC-L] Bumper sticker definition of secure software
Gary, If you think security is a funny topic, try this one: http://haha.nu/funny/funny-math/
Re: [SC-L] Hiring folks that are familiar with SC practices
Nice discussion. It arose years ago when software development managers typically had NO experience in software development, but were thought to be good managers. Many disasters ensued. The other side of the coin is that good developers are often TERRIBLE managers.

I once wrote Psychosocial Implications of Computer Software Development and Use: Zen and the Art of Computing in Theory and Practice of Software Technology, D. Ferrari, M. Bolognani, and J. Goguen (editors), North-Holland, 1983, pages 221-232. An earlier version appeared in Software Engineering Notes, and Will Tracz may even have that online by now. The bottom line is that you need people with well developed and coordinated LEFT- and RIGHT-brained abilities innately.

Interviewing someone to be a system-oriented developer is very difficult unless the interviewer has deep knowledge of system-oriented development. Read my DARPA CHATS report on Principled Assuredly Trustworthy Composable Architectures. Your interviewers should have read and understood the essence of that report before being trusted to select good applicants. http://www.csl.sri.com/neumann/chats4.html or pdf or ps

Good luck! P
Re: [SC-L] Managed Code and Runtime Environments - Another layer of added security?
Der Mouse is barking up the right rathole.

*** BEGIN SOAPBOX ***

Having cut my security eye-teeth in Multics from 1965 to 1969, I am continually drawn back into discussions of what Multics did right that has been systematically (!) ignored by almost all subsequent operating systems. For the younger folks among the SC-L audience, let me mention a few of the architectural strengths. There were no buffer overflows in the stack, because anything out of the stack frame was not executable. The ring-structured domain architecture and file system access controls permitted straightforward sandboxing. Dynamic linking and revocation were fundamental. Segmentation and paging enabled layers of virtual machines and protected virtual memory. The I/O system had virtual stream names, virtual I/O, and common device-driver software where appropriate, coupled with separate hardware for the input-output controller (GIOC). The programming language was the stark EPL subset of PL/I and the corresponding McIlroy-Morris EPL compiler, which seems to have avoided some of the characteristic programming errors that are still common today. No software was written until there was an approved specification, with well defined interfaces and exception conditions that were explicitly characterized in EPL. And so on into a visionary sense of a future that has been largely lost for many perceived reasons, some of which are bogus, some of which are just seriously short-sighted.

*** END SOAPBOX ***

I'm sure this message may generate all sorts of Ifs and Ands and Buts. But the Butt we are kicking is our own. Cheers! PGN
Re: [SC-L] Top security papers
Matt, You will find lots of references that might appeal to your needs in an emerging DARPA report on my web site: http://www.csl.sri.com/neumann/chats4.pdf There's an appendix by Virgil Gligor that might be very helpful to you, which does not yet appear in the html (but will as soon as I move the .eps files to .gif...) But start with the principles, e.g., Saltzer and Schroeder 1975 And don't try to look at security as an isolated problem -- it is an overall system problem, and there are lots of papers on software decomposition, composability, modularity, etc. that are fundamental to security. You might also try Matt Bishop's book, with lots of references. PGN
Re: [SC-L] ACM Queue article and security education
Gee, Some of us have been saying that for 40 years.