Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: mcnabb () argus-systems com (Paul McNabb)
Date: Wed, 18 Feb 1998 10:48:35 -0600
From smb () research att com Wed Feb 18 10:21 CST 1998:

That's not my point. What I'm looking for is a higher-level specification of the basic *model* for security. For example, Orange Book-style systems -- independent of assurance or implementation techniques, and even independent of the Orange Book itself -- implement a model that says "you can't read information at a higher sensitivity level; you can't write information to a file with a lower sensitivity label". Now, arguably that's a useful scheme for a time-sharing machine, where you might have users with different clearances.

What I'm looking for here is a model for the security properties of a firewall or IDS, in a generic Internet environment. Orange Book-style firewalls operate on sensitivity levels -- good for that environment, perhaps, but useless for most people. Granted, in the newer criteria one can claim that a product protects against assorted attacks -- but what is the *model* for what they do? Given a model, one can reason about the model itself. One can start to build security kernels that enforce it. But I haven't a clue what such a model might be.
What I was trying to point out is that one of the points of the new Common Criteria is to allow you to write such a model. A very small piece of the CC has to do with what most people think of as the Orange Book way of doing security. The concept of a Protection Profile will allow you to define a model that is intended to protect a system (or something less than a complete system) against a defined set of threats. In essence, you can write your own "orange book", complete with rationalizations, assumptions, environments, threats, and of course, "protection mechanisms" and assurances.

All this being said, even the CC doesn't let you model everything, nor does it address some key fundamentals that you may want/need to have to address the issue of building a model.

I agree with you. There needs to be some serious thinking about the fundamental issue of what security really is, what is being protected, why it is being protected, how various components and requirements interact, and what the tradeoffs are. Right now it seems that companies are building products to meet needs that are several levels removed from the core issues. There are a lot of responses to particular attacks or types of attacks without there being any real theoretical basis for the solution.

Does anyone know of a group working on this level of the security issue? I would assume any such work would be most likely found in either an academic environment or a quasi-commercial or government "think tank" group.

paul

---------------------------------------------------------
Paul McNabb                      Argus Systems Group, Inc.
Vice President and CTO           1809 Woodfield Drive
mcnabb () argus-systems com      Savoy, IL 61874 USA
TEL 217-355-6308                 FAX 217-355-1433
"Securing the Future"
---------------------------------------------------------
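The Orange Book-style model that the quoted message cites ("no read up, no write down"), as an added illustration that is not code from this thread: a minimal label lattice with the two access checks, plus an exhaustive check over the finite lattice that the two rules together never let information flow to a label that does not dominate its origin. The level and compartment names are constructed for the demo.

```python
from dataclasses import dataclass
from itertools import combinations, product

# Constructed example lattice: four ordered sensitivity levels and two
# need-to-know compartments (names are hypothetical, chosen for the demo).
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
CATEGORIES = ("ALPHA", "BRAVO")


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level is at least as high AND
        the compartment set is a superset of other's."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


def may_read(subject: Label, obj: Label) -> bool:
    """Simple security property: a subject may read only what its label dominates (no read up)."""
    return subject.dominates(obj)


def may_write(subject: Label, obj: Label) -> bool:
    """*-property: a subject may write only to labels that dominate its own (no write down).
    Note this permits a 'blind' write-up, which the model tolerates by design."""
    return obj.dominates(subject)


def all_labels():
    """Enumerate every label in the finite lattice: each level x each compartment subset."""
    for level in LEVELS:
        for n in range(len(CATEGORIES) + 1):
            for cats in combinations(CATEGORIES, n):
                yield Label(level, frozenset(cats))


def no_downward_flow() -> bool:
    """Reason about the model itself: if some subject may read from src and
    write to dst, then dst must dominate src. Checked exhaustively (16^3 cases),
    which is the kind of claim a model makes possible and a product spec does not."""
    labels = list(all_labels())
    for subject, src, dst in product(labels, repeat=3):
        if may_read(subject, src) and may_write(subject, dst) and not dst.dominates(src):
            return False
    return True
```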