Dailydave mailing list archives

Re: Media Excitement!


From: robert () dyadsecurity com
Date: Tue, 26 Apr 2005 22:35:51 -0700

byte_jump(bytejump () gmail com)@Tue, Apr 26, 2005 at 10:34:38PM -0600:
> A kernel patch is "bolted on" and SELinux is a kernel patch, just as
> PaX is.

It has been integrated into the main branch for a little while now.

> You believe kernel-level bugs will "come about"? I believe there have
> been upwards of 20 security patches to the 2.6 kernel just this year.

I meant in addition to what we have already seen. And not all of the
kernel bugs have attack vectors that are going to be available from the
context that a subject is running in.

> I intend on digging a bit deeper with SELinux, but I have serious
> concerns with the scalability of it. When I'm hearing that I'll need
> to take _years_ to understand SELinux, there's too much complexity.

It's not fair to simply say SE Linux is more complex than other
alternatives.  They do different things.  The amount of time elapsed to
get comfortable will vary.

> When I hear that I need to change everything that I've learned about
> security in order to understand it, that's not a good sign.

There's a lot that is taught in security that differs greatly from the
traditional formal security world.  Go sit for the CISSP, CEH,
Security+, SANS tests some time.  If you have had a lot of education
from those places, you'll have to relearn a lot of what you thought you
knew to understand what is trying to be accomplished by projects like
SE Linux.

> It's also not a good sign that policy analysis tools exist to tell me
> when I have what they say is an accurate policy. Why aren't the
> policies human-readable? How much do you trust those policy analysis
> tools? I'm pretty paranoid...

The policies are human readable.  What we haven't gone into yet is that
the policies can also control domain transitions, relabeling, type
relationships, information flow, etc.  Since the number of possible
variations can be very high, these policy analysis tools help you
simulate all of the different paths to make sure you're implementing
what you intended to implement.

> Everything I'm hearing says "complex" and "error-prone" from an
> administrative standpoint.

Change complex to configurable.  I suppose it's just semantics.

Also, as I (unfortunately - sorry about that) started this silly thread,
let me finish it by saying that my intent was not to get everyone using
SE Linux/TSOL.  It was to express the thought that a lot of money and
time from people a lot smarter than me has been spent figuring out ways
to securely use computers. 

They were nice enough to document their findings and publish them for us
all (in places like http://www.radium.ncsc.mil/tpep/library/rainbow/,
http://www.commoncriteriaportal.org/, etc).

I believe their findings to be accurate.  Yet I still see us floundering
around as we ignore most things they've already proven to be true.  This
is unfortunate, and the source of a lot of really silly products made by
people who don't really understand the problems they're trying to solve.

I think most people here would agree that what we're currently doing
isn't really working.  My hope is that we can learn from the work that
has gone on before us and continue to make valid, meaningful
improvements.

Time will tell if I am right or I am just a radical (and ultimately
useless) idealist.  Either way, we're going to demonstrate how to break
a lot of these security mechanisms this summer.  Should be loads of fun.

Anyhow .. enough.  Let's talk about something else :).

"A priest, a rabbi, and a nun walk into a bar...."

Robert

-- 
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
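
The kind of path simulation the reply above attributes to policy analysis tools, sketched as an added example that is not part of the original message or of any SELinux tool. The policy text and every type name in it are constructed for illustration, and the model is simplified to plain `allow` rules: a domain transition is counted only when the `transition`, `execute` and `entrypoint` permissions are all granted, and attributes, `type_transition` defaults, roles and constraints are ignored.

```python
import re
from collections import defaultdict, deque
# Constructed sample policy (not from the thread); all type names are hypothetical.
POLICY = """
allow user_t helper_exec_t:file { read execute };
allow user_t helper_t:process transition;
allow helper_t helper_exec_t:file entrypoint;
allow helper_t backup_exec_t:file execute;
allow helper_t backup_t:process transition;
allow backup_t backup_exec_t:file { entrypoint read };
allow user_t admin_t:process transition;
allow user_t admin_exec_t:file execute;
allow backup_t shadow_t:file read;
"""
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse(policy):
    """Return {(source, target, class): set(perms)} built from the allow rules."""
    av = defaultdict(set)
    for src, tgt, cls, many, one in RULE.findall(policy):
        av[(src, tgt, cls)].update((many or one).split())
    return av

def transitions(av):
    """Edges A -> B where A may transition to B, A may execute some file
    type, and B may be entered through that same file type."""
    edges = defaultdict(set)
    for (src, dst, cls), perms in av.items():
        if cls != "process" or "transition" not in perms:
            continue
        for (s2, exe, c2), p2 in av.items():
            if (s2 == src and c2 == "file" and "execute" in p2
                    and "entrypoint" in av.get((dst, exe, "file"), ())):
                edges[src].add(dst)
    return edges

def paths_to_permission(av, start, target, cls, perm):
    """Breadth-first search over transitions: every chain of domains from
    `start` that ends in a domain holding `perm` on target:cls."""
    edges = transitions(av)
    found, queue, seen = [], deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if perm in av.get((path[-1], target, cls), ()):
            found.append(path)
        for nxt in sorted(edges[path[-1]]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return found
```

Calling `paths_to_permission(parse(POLICY), "user_t", "shadow_t", "file", "read")` reports the chain `user_t -> helper_t -> backup_t`, an indirect path that no single rule in the sample shows, while `admin_t` stays unreachable because its `entrypoint` rule is missing.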

