Dailydave mailing list archives

Re: Media Excitement!


From: robert () dyadsecurity com
Date: Sun, 24 Apr 2005 21:48:43 -0700

pageexec () freemail hu(pageexec () freemail hu)@Sat, Apr 23, 2005 at 03:02:18AM +0100:
i understood this much ;-), the real question is, which of the solutions
in the mentioned URL gives *appropriate assurance* against exploitation
(remember the original question about alternatives to patching)? based
on my experience and instinct, none of them does (EAL 4 is little more
than a joke), but i'd like to be *proven* wrong.

You have to remember that the EAL is the assurance of the implementation.
I.e., how well thought out, formally documented/analyzed, etc. was their
implementation of the selected Protection Profiles.  You can be EAL 4+
.. but if the only protection profile you're building for is CAPP, you
had significantly different design goals than the OSes that tried to
implement CAPP, RBAC, and LSPP, (the new SKPP) etc.

The rest of your post will be more meaningful to answer once you spend
more time with a working implementation.  SE Linux or Trusted Solaris
would be good choices to start with, or even start by simply reading the
Orange Book.  It may change your perception of what's possible and what
the designers were trying to accomplish.

Robert

-- 
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

