IEEE to Standardize OS Security Components

aster_ken writes "The Institute of Electrical and Electronic Engineers has started work on a standard for securing operating systems, as a recognition that software security is 'limited by the operating systems that underpin them', the organization said yesterday. The standard, dubbed IEEE P2200, will address external threats and intrinsic flaws arising from software design and engineering practices."
  • by Unregistered ( 584479 ) on Saturday September 13, 2003 @01:56PM (#6952664)
    Microsoft creates own standards bureau
    Deems Windows perfect, others not
  • Limited release (Score:5, Insightful)

    by Anonymous Coward on Saturday September 13, 2003 @01:56PM (#6952665)
    That's just great, codify the security aspects of OSes into a $100 document that can't be freely redistributed. That's a really good idea...
    • by sczimme ( 603413 ) on Saturday September 13, 2003 @02:17PM (#6952765)

      This is typical of so many kiddies these days: "I want everything for free, even if it's something I will never need/use/understand".

      Many products that are the result of the work of many people - like cars, toasters, and yes, even documents - cost money to produce. Learn to recognize which items are worth the amount on the price tag, and purchase accordingly.
      • Learn to recognize which items are worth the amount on the price tag, and purchase accordingly.

        You got that right, everything the IETF ever turned out is a load of crap.
        I'm glad I spent all that money to get the ISO's OSIRM protocol documents. That's where it's at.

      • by qtp ( 461286 ) on Saturday September 13, 2003 @03:04PM (#6952971) Journal
        The problem with this particular document being a "pay to play" licensing scheme is that it will likely be adopted into law in some way, either as a supplier specification or as a compliance requirement for marketing a product or service.

        There are several jurisdictions in the United States where their building codes are released in this way and are protected under copyright, requiring a builder or homeowner to pay a large amount to have a copy of the current codes for reference and to pay an additional amount to include excerpts from the code in zoning and building permit applications. The fact that all persons (in that jurisdiction) are subject to compliance with these codes makes the licensing scheme an unfair limitation on builders, giving an unfair advantage to larger construction companies, and prevents homeowners from being able to make even small improvements to their properties if they are on a limited budget.

        I have seen building projects where the cost of preparing the permits was extensively more than the cost of actual construction due to licensing costs for access to the building codes and the necessity of including excerpts from the building code in the application. The one that springs to mind is a $1,500.00 improvement to a fire escape (required by code) that cost in excess of $2,000.00 to prepare the permits. If there had been no licensing fee for code excerpts, and if a reference copy of the code had been possible to obtain for less than $750.00, it would have cost less than $500.00 to prepare the permit, as it would have been possible to prepare the application in house and would not have required a legal review of the application before submittal.

        The only purpose that charging for the use of a specification serves is to limit the playing field in the affected industry to a certain class of individuals who either already have money with which to pay, or have made commitments to persons who might or might not be knowledgeable about the involved technology, but have the economic power and the desire to regulate that industry.

        This kind of non-governmental regulation puts an artificial limitation on the mechanisms of capitalism and prevents the very kind of "free market" (that you seem to be arguing for) from developing, and prevents participation from legitimate businesses and other projects that have the necessary skills, knowledge, and abilities, but are lacking in support from the already established players in that market.

      • This is typical of professional prejudice these days: (see above reply)

        It's unfortunate that in capitalist societies people blindly accept that everything should cost money, even things such as information which can be replicated ad infinitum at no cost and without disturbing the original.

        If this group, ostensibly chartered to set standards for the common good, finds it must charge money to those whom it purports to benefit, it is a bureaucracy and hence inimical to its stated purpose. Drafting standards

    • document that can't be freely redistributed.

      No different from the POSIX standard, then...

    • Re:Limited release (Score:3, Informative)

      by Valar ( 167606 )
      Well, if you're a member of IEEE, you can usually get all that stuff for free. I'm a member (because as a student it only costs me like thirty bucks a year). I've pulled a bunch of documents from their archives and I've never paid a thing. Though, they do have an exaggerated opinion of the value of dead trees. Some of the standards do require extra fees, I think, but none of the stuff I've used.
  • Easy solution. (Score:2, Interesting)

    by zoloto ( 586738 )
    They should just copy/paste linux & the bsd's file system properties and make something similar to SELinux's security mandatory.

    oh.. and ban microsoft. /rant
  • Here here! (Score:2, Insightful)

    Awesome. Operating System design is one of the most underdeveloped fields of the industry and I believe that this is a step in the right direction towards the development of a mature, secure operating system for general use!
    • Re:Here here! (Score:5, Insightful)

      by bryanthompson ( 627923 ) <logansbro AT gmail DOT com> on Saturday September 13, 2003 @02:07PM (#6952714) Homepage Journal
      don't get too excited there, guy. just because someone puts out a 'standard' doesn't mean everyone has to follow it. anyone can form an organization to make standards, but they don't mean anything if nobody wants to follow them.

      Not only that, but people like microsoft will just make their own standards and ignore the ones already set. They won't have any effect on anything, imho.
      • Yeah, I mean like... look at how IIS doesn't even support SSL.

        (right)

      • Re:Here here! (Score:3, Insightful)

        by miu ( 626917 )
        anyone can form an organization to make standards, but they don't mean anything if nobody wants to follow them.

        IEEE has a fair amount of credibility with the U.S. government - this standard could easily become a purchase requirement like POSIX.

        microsoft will just make their own standards and ignore the ones already set.

        MS will support this standard if it is a purchase requirement. I think it is more likely that MS will have an inconvenient BOSS mode, they will then be able to point to users failu

      • IEEE is responsible for a LARGE number of the computer-related standards out there. They are not just "someone" that puts out a standard. IEEE is probably the largest organization of computer and electronic-related people anywhere.

        Of course anybody can ignore a standard, but if the largest organization in the world in this industry goes one way, do you really want to go the other way?

        Erioll
    • I second that!

      It will address essential functions for cross-platform security, including identification and authentication, access control and key cryptographic concepts.

      This is awesome fucking news...

      It'll be interesting though, to see just how tangent to TCPA it will be...

    • Operating System design is one of the most underdeveloped fields of the industry and I believe [...]

      That's because most of it was done twenty or thirty years ago.

      [...] that this is a step in the right direction towards the development of a mature, secure operating system for general use!

      Maturity comes after a decade or two of public exposure. It'll be a long time before any "mature" product is designed around these proposals.

  • Such as how they did Kerberos to be incompatible with the Unix implementation. What good is a security standard if that implementation is going to be "extended" by the biggest player?
  • Cool... (Score:1, Troll)

    by dark-br ( 473115 )
    another standard for M$ to break without giving a shit.

  • Comment removed based on user account deletion
    • Re:So What? (Score:3, Funny)

      by Jameth ( 664111 )
      I beg to differ. IEEE won't take them down, but it will bug them a bit. It is somewhat like MS being a rampaging bear, Linux being a horde of bunny-rabbits, and IEEE being a bunch of thorny trees.

      Linux hits the trees less, but it irritates the bear and prevents it from rearing up. Eventually, after the Linux bunnies all mate like crazy, one bunny rabbit is born that is somewhat like the bunny in Monty Python's The Search for the Holy Grail. The point here is to mate Linux distros with each other until the pe
      • The point here is to mate Linux distros with each other until the perfect bunny emerges.

        Won't work, you'll just end up with one big cluster fuck...

  • great... (Score:4, Interesting)

    by arcanumas ( 646807 ) on Saturday September 13, 2003 @02:02PM (#6952691) Homepage
    The way I see it, 2 things can happen. One is that it will be too demanding/utopian/generic and no-one will apply it, in which case the standard's existence is of no importance.
    The other is that at some point a system that adheres to the standard will be compromised and will raise questions as to the usefulness of this standard.

    I don't question the need for standards, but not all things can be standardized. Standards stand for a commonly accepted way of doing something. Security is still too volatile.

    • Re:great... (Score:5, Insightful)

      by GoofyBoy ( 44399 ) on Saturday September 13, 2003 @02:11PM (#6952735) Journal
      >Security is still too volatile.

      Better put: Security is in the details.

      If I'm going to crash a system then it's going to be its specific weakness/flaw and not some standard hole in every product.

      The standard will help but it still does not guarantee the implementation will be invulnerable.
      • I disagree. Most security problems popular recently involve either stupid users, or buffer overflows. While I don't think BOSS can specify 'disallow stupid users', they sure can specify 'check all your buffers, yes that means even that one that nobody will ever overflow, really, i mean it, come on!' (which i thought would be common practice by now, but ...)

      • Better put: Security is in the details.
        All of the details.

        Security is a perimeter type thingee. Putting a steel security door on a tarpaper shack isn't going to improve security. The weak point of a bank vault is that enormous security door.

        If I'm going to crash a system then its going to be its specific weakness/flaw and not some standard hole in every product.

        Exactly. Furthermore you get to make your choices after the product has committed to its choices. Further, the more complicated the security
  • IEEE (Score:4, Funny)

    by Anonymous Coward on Saturday September 13, 2003 @02:02PM (#6952693)
    Never mind a secure OS, I think these electronic engineers sound like very useful devices. Is there a review of one anywhere? How much do they cost? Do they run Linux?
    • Re: IEEE (Score:3, Funny)

      by Black Parrot ( 19622 )


      > Never mind a secure OS, I think these electronic engineers sound like very useful devices. Is there a review of one anywhere? How much do they cost? Do they run Linux?

      Yeah, I have an old mechanical engineer, and I think it's about time to upgrade to a modern electronic one in order to reduce the maintenance costs.

    • I think these electronic engineers sound like very useful devices. [..] Do they run Linux?

      As a matter of fact I do!
  • About time! (Score:2, Interesting)

    by SilentSheep ( 705509 )
    About time... question is will Micro$oft choose to conform to the standard or just keep going as they are, unless these 'standards' are legally binding!!

    It'll take a lot of work to make windows secure!!

    No operating system is completely secure anyway, there are always some 'undocumented features'

  • by pla ( 258480 ) on Saturday September 13, 2003 @02:05PM (#6952704) Journal
    So, did anyone else read the linked article and think "Looks like someone bought the IEEE's support of TCPA / Palladium"?

    I hope not, but it certainly sounds that way. Basically, it makes the point that we cannot trust people not to run programs that break their own (or others) computers, so the task of limiting what (possibly malicious) code can run falls to the OS.

    Sad. If I didn't have complete confidence that any DRM scheme will eventually prove itself flawed, I might actually worry. Though, I certainly do not look forward to the general inconvenience it would cause, regardless...


    Only education (and not running Outlook) will help reduce the modern plague of worms, virii, spam, and other ways to generally make a computer and the internet grind to a crawl. Not legislation, and not crippled hardware. People simply need to learn how to secure their own damn machines.
    • by esme ( 17526 ) on Saturday September 13, 2003 @02:32PM (#6952824) Homepage
      Basically, it makes the point that we cannot trust people not to run programs that break their own (or others) computers, so the task of limiting what (possibly malicious) code can run falls to the OS.

      you know, this basic premise doesn't have to be tied up in DRM. i think any decent security model is going to involve partitioning off system capabilities that aren't appropriate to the current user/situation/time of day/etc.

      unix has had this sort of thing for ages, in the form of user permissions, and ulimit. ulimit supports various parameters -- files, memory, cpu, etc. that can be consumed. taking this to its logical conclusion and including bandwidth, address book access, connections to various servers, etc. could provide a pretty logical way to fence in worms.

      providing even more restricted environments (like chroot jails or the applet runner) for untrusted code would be a good idea, too. if microsoft is going to insist on allowing people to email executables (screen savers, vbscript, etc.), the world will be better off if they execute in an environment that can't access the network, DoS the local machine, etc.

      -esme
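To show what the ulimit-style fencing described in this post looks like in practice, here is an added example (not code from the post, the article or the IEEE draft): it forks a child, applies setrlimit limits on address space, CPU time, file size and process creation, and runs a constructed "untrusted" workload inside the fence. The struct, function names and both workloads are constructed for this illustration; the chroot step is left out because it needs root.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical fence for an untrusted child process, modelled on ulimit:
 * each field becomes both the soft and the hard limit of one resource. */
struct fence {
    rlim_t address_space;   /* RLIMIT_AS: bytes of virtual memory */
    rlim_t cpu_seconds;     /* RLIMIT_CPU: SIGXCPU, then SIGKILL, past this */
    rlim_t file_size;       /* RLIMIT_FSIZE: largest file the child may write */
    rlim_t processes;       /* RLIMIT_NPROC: process count for the child's uid */
};

static int set_limit(int resource, rlim_t value) {
    struct rlimit rl;
    rl.rlim_cur = value;
    rl.rlim_max = value;    /* hard limit too, so the child cannot raise it again */
    return setrlimit(resource, &rl);
}

/* Apply the fence to the calling process. Returns 0, or -1 with errno set. */
int apply_fence(const struct fence *f) {
    if (set_limit(RLIMIT_AS, f->address_space) < 0) return -1;
    if (set_limit(RLIMIT_CPU, f->cpu_seconds) < 0) return -1;
    if (set_limit(RLIMIT_FSIZE, f->file_size) < 0) return -1;
    if (set_limit(RLIMIT_NPROC, f->processes) < 0) return -1;
    if (set_limit(RLIMIT_CORE, 0) < 0) return -1;   /* no core dumps of the child */
    return 0;
}

/* Fork, fence the child, run fn() inside it, and report how it ended:
 * the child's exit code (0..255), 128 + signal number if it was killed,
 * 126 if the fence could not be applied, or -1 on fork/wait failure. */
int run_fenced(const struct fence *f, int (*fn)(void)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (apply_fence(f) < 0) _exit(126);
        _exit(fn() & 0xff);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
    return -1;
}

/* Constructed "untrusted" workload: asks for 512 MiB of memory.
 * Returns 0 when the fence refused the allocation, 1 when it was granted. */
int greedy_allocation(void) {
    void *p = malloc((size_t)512 << 20);
    if (p == NULL) return 0;
    free(p);
    return 1;
}

/* Constructed workload: tries to fork, the usual next step for a worm.
 * Returns 0 when the fork was refused, 1 when it succeeded. The kernel does
 * not enforce RLIMIT_NPROC on root, so run this as an unprivileged user. */
int spawn_attempt(void) {
    pid_t p = fork();
    if (p < 0) return 0;
    if (p == 0) _exit(0);
    waitpid(p, NULL, 0);
    return 1;
}

/* Fence used by main(): 64 MiB of address space, 5 CPU seconds,
 * 1 MiB per written file, and no additional processes for this uid. */
struct fence demo_fence(void) {
    struct fence f = { (rlim_t)64 << 20, 5, (rlim_t)1 << 20, 1 };
    return f;
}

/* Runs the greedy workload under demo_fence(); 0 means the fence held. */
int demo_greedy_allocation(void) {
    struct fence f = demo_fence();
    return run_fenced(&f, greedy_allocation);
}

int main(void) {
    struct fence f = demo_fence();
    printf("512 MiB allocation under the fence: %d (0 = refused)\n",
           run_fenced(&f, greedy_allocation));
    printf("fork under the fence: %d (0 = refused)\n",
           run_fenced(&f, spawn_attempt));
    return 0;
}
```

The limits are set in the child after fork, so the parent keeps its own limits; setting the hard limit as well is what stops the fenced code from simply calling setrlimit to undo the fence.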

      • by pla ( 258480 )
        providing even more restricted environments (like chroot jails or the applet runner) for untrusted code would be a good idea, too.

        What you write makes a lot of sense, and leaves me at least a bit of hope of a "good" implementation. Even within your ideas, though, I can see room for a few unacceptable restrictions...

        For example, who defines "untrusted code"? Perhaps most people don't care about issues like that, but I personally think nothing of popping out 15 minutes of code to automate a task that wo
        • i agree with you -- the definitions and policies regarding untrusted code are the crux of the matter.

          i can definitely see the potential for a DRM world where you can't listen to your CDs, watch your DVDs, access the network, use your peripherals, etc. unless you've bought into the DRM infrastructure that takes all your rights away. or worse, you can't get a new computer because the hardware won't run the OS you want to run.

          one of the main things that makes the initial attempts to impose DRM tolerable i

    • "This standard will enable mass production of a class of operating systems that meet the minimum expectations of consumers for security and general reliability by establishing a floor for these characteristics."

      This sure looks like it's about real security, not DRM.
    • Actually it sounded more like SELinux to me. Isn't that what SELinux is all about? Partitioning the system and protecting one application from another?
    • "Looks like someone bought the IEEE's support of TCPA / Palladium"?

      I had exactly the same first thought as you, so I dug around and found a link to their first draft and started reading to find evidence.

      Here's their first draft in PDF format (1.6 meg), [bosswg.org] RTF format (5.0 meg), [bosswg.org] and a ZIP (1.2 meg). [bosswg.org]

      I haven't read the whole thing, it's 76 pages, but as far as I can tell it hasn't been subverted by TCPA / DRM / Palladium / NaGSCaB / Trusted Computing nonsense. It looks like legitimate security designed for th
  • Some info (Score:3, Interesting)

    by dark-br ( 473115 ) on Saturday September 13, 2003 @02:06PM (#6952712) Homepage
    IEEE P2200 will build on NIST and ISO Common Criteria documents, but will be an independent standard.

    Anyways the IEEE has a track record of working on security-related standards including the popular P1363 (Standard Specifications for Public Key Cryptography) standard. P1363 defines standard implementations of public key crypto ciphers based on Integer Factorization, Discrete Log, Elliptic Curve, and Lattice algorithms.

    I'll be waiting to see this P2200 come around.

    • Re:Some info (Score:4, Interesting)

      by Roxy ( 2746 ) <roland@buresund.se> on Saturday September 13, 2003 @03:22PM (#6953058) Homepage
      Anyways the IEEE has a track record of working on security-related standards

      Yes, like the P1003.6 (POSIX Security) which I was involved with (died because of lack of interest and political conflicts) as well as P1003.22 (Distributed Security) which I was one of the founders of (was later adopted by X/Open and is usually irrelevant today).

      For some reasons (like practical experience), I don't believe the IEEE will manage this any better than they have before (i.e., very badly, mostly due to political aspects having precedents before technical and security aspects).

      Feel free to mod an old cynic down.

    • Anyways the IEEE has a track record of working on security-related standards including the popular P1363 (Standard Specifications for Public Key Cryptography) standard. P1363 defines standard implementations of public key crypto ciphers based on Integer Factorization, Discrete Log, Elliptic Curve, and Lattice algorithms.

      And who uses them?

      Very few RSA implementations are P1363 compliant. Almost everyone uses the RSA labs PKCS#1 signature format. That is what is used in S/MIME, PKIX, SSL, all the IETF sta

  • Not A Guarantee (Score:5, Interesting)

    by robbyjo ( 315601 ) on Saturday September 13, 2003 @02:07PM (#6952719) Homepage

    It's true that some flaws in the OS are inherently design-based. However, even if we make certain design requirements to be incorporated in the OS, it still doesn't guarantee that the OS is secure. I would think that it even can't minimize the number of OS breaches. It would even hamper the OS development in order to comply with their standards.

    About the quote regarding the "minimum expectations of consumers for security and general reliability by establishing a floor for these characteristics". I don't think it would be possible; the goal of "the least restrictive requirement while not relenting the control" is vague. Unless it provides rigid post- or pre-conditions of each method (in first order logic if necessary) and provides each formal specification unambiguously, I would still see some leaks here and there. And, guess what? They put the requirement like UML standards: Way too vague. Congratulations.

    For those of you who are curious, click here [bosswg.org] for the draft.

  • This could be good (Score:5, Insightful)

    by Bruha ( 412869 ) on Saturday September 13, 2003 @02:08PM (#6952722) Homepage Journal
    I think it's time for all OS's to accept standards to help people interact with each other effectively and securely. As everyone knows, MicroSoft has shunned many attempts at standards in order to control their market share by keeping their users pinned into MicroSoft sanctioned data. This has the effect of forcing businesses to support the MicroSoft users first and everyone second, if at all.

    I think a security standard should be enforced by a world body to help prevent MicroSoft from once again taking the standard and corrupting it to work only with Windows and .Net applications, thus forcing the same cycle of users/companies designing to MS standards again, thus shutting out the rest of us from secure systems.

    Some would say standards hurt computing; that's not exactly the case. You can design products around standards and still compete with other standard compliant products. It allows everyone to remain compatible and at the same time darwinism will take effect with bad products going away and good products evolving to better suit their users.
  • by Anonymous Coward
    if IEEE just redirected their new site here [openbsd.org]
  • it's good (Score:2, Insightful)

    Not really condemning of anyone in particular, but I doubt the big player of the PC world will take orders from anyone. They didn't for any of their software, why would they take standards for the core OS of everything? Microsoft seems to be its own standard, which is too bad.
    • Re:it's good (Score:2, Interesting)

      by Jameth ( 664111 )
      I suspect that they would listen to it, because then they can put a sticker on the front of the box which says 'Conforms to IEEE Security Standards'. And that will be a big selling point, because people are really starting to get pissed.

      I expect it will raise their security level, but raise expectations even higher, and increase the general danger brought about by virii and so-such due to user over-confidence.
  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Saturday September 13, 2003 @02:15PM (#6952752) Journal
    And they all involve Microsoft

    One, the final standard spec will be loose enough that Windows will already be compliant, so it won't mean anything.

    Two, the final standard spec will be Microsoft's Windows-centric implementation of a secure system (existing windows systems may not be compliant, but future ones would be). No non-Windows system would be able to meet the standard without extensive licensing fees being paid to Microsoft to license the technologies needed.

    Three, the final standard spec will be sensible, and Microsoft will ignore it. With the mainstream desktop environment paying no regard to the specification, the spec fails to acquire the widespread adoption necessary to become a real standard.

    • I wouldn't bet against you, but the fourth possibility is that something will be produced that actually helps establish some base level of security.

      If they do succeed, I should be able to run an unpatched OS, run unpatched and vulnerable applications and click on anything I please with impunity. That's not to say that everything's fine. It's just that I shouldn't be able to get consequences all out of proportion to their causes. I click on a bad website and maybe kill the browser, but that browser is extrem
    • I'm guessing that the standard is windows specific. Current versions of windows might lack a few things, but MS will have no problem changing those details.

      All UNIX/POSIX, VMS, OS/390 (Is that the latest name for IBM's mainframe os?), and so on systems will find the standard irrelevant to their way of designing. In other words both unimplementable without breaking backwards compatibility, and irrelevant to (and in many cases lesser than) the security system already in place

    • It looks to me like it is intended to be a variation of "Three, the final standard spec will be sensible, and Microsoft will ignore it". It doesn't appear to be targeted at home desktops. It could be ignored in that market yet still be used in other markets.

      -
  • by Jacer ( 574383 ) on Saturday September 13, 2003 @02:15PM (#6952754) Homepage
    It has no network adapter (modem or otherwise) and no input devices (as in all the ports ps/2 com et cetera have been melted shut or broken off) It has no hard drive, just rom, and It's in a chest rigged to explode somewhere at the bottom of the north atlantic! I extend an invite to all the hackers/crackers to try to bypass it!
    • great, now, how did you get on to slashdot???

      -and i bet one of my old mobos sitting on the shelf is more secure than that! i have even removed the bios roms and used violence on them.
    • My only question: But does it run linux?

      Oh, wait. I mean: Can you imagine a Beowulf cluster of those?

      Okay, fine. In Soviet Russia, secure system bypasses YOU!

      Welcome to Slashdot.
  • redundancy (Score:2, Interesting)

    by poptones ( 653660 )
    With the incredible cheapness of compute cycles these days I don't understand at all the lack of certain widespread security devices. For example, why are there no inexpensive router NICs? You can buy a $40 Linksys - but that's a whole 'nother box. I have an old HP I use, but that's also another box. What do I do with my laptop when I want to use a public access point? Carry a Linksys with me?

    All you need is an ARM, firmware in FLASH (so it can be upgraded when it is inevitably cracked), a PCI interface an

    • Re:redundancy (Score:2, Insightful)

      by Anonymous Coward
      I doubt very many Open community members have the skill to add an ARM to their PCI network card or motherboard. Not that I'm saying it can't be done. It's just that I think your idea is taking a wrong and very difficult approach at a level that's way too close to the hardware. I'm surprised you didn't say to put a virus checker right on hard drive controllers.

      These solutions are more usefully implemented in software.
      • It's just not part of the OS. It's part of a redundant OS, which means it works with anything you attach it. You can put it in a mac, or a pc, or even standalone (it's just a CPU attached to a NIC).

        There are Millions of people in the "Open source community." A high percentage of them are experienced engineers (and some of them are even working!)

        The point is we don't all need the skills to solder this stuff into our boxes - that would be the opposite of what I was talking about, in fact. What's needed is t

  • Standard: (Score:2, Funny)

    by noselasd ( 594905 )
    Do we need any standard but; "don't use any Microsoft products".

    (ok, I realize they really talk about a broader view of security, couldn't resist though)
  • "a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems"

    Too bad, it might have been useful for Non-Commercial Off The Net Software (NCONS) too. Ever get the feeling that someone has just been dying to use a new acronym?
    • Redhat, Mandrake, and many other vendors of linux are indeed general-purpose, commercial, off-the-shelf operating systems.

  • Why the IEEE? (Score:2, Insightful)

    by Anonymous Coward
    This is a software, not hardware issue. The ACM would be a more appropriate oversight group for this.
  • by Tim Ward ( 514198 ) on Saturday September 13, 2003 @02:37PM (#6952843) Homepage
    Um, yes, perhaps.

    Remember the reaction of the average American to an international standard is to denounce it as a communist plot, particularly if one of the European standards bodies takes an interest (or even ISO, which most Americans regard as European and therefore communist).

    If you want an example of how well Americans make good use of international standards you just have to look at their mobile phone system ... and laugh or weep to taste. (I have this phone which works in 199 countries of the world and doesn't work in one, which is ... guess which? Likewise there's just one country in the world which uses strange paper sizes ... just one country which is so wedded to Imperial units that it crashes spacecraft in preference to following international standards ... and so on and so on ...)

    Now, if most operating system manufacturers were European and Japanese this would be a good idea, because they'd be likely to follow any new international standard. But it happens to be a fact of life that many operating systems are produced or contributed to by Americans, so any such idea is dead in the water before it gets off the ground.
    • Thanks for reminding me this idiotic isolationism isn't a recent phenomenon. Realizing our long history of blundering idiocy is somehow comforting in these times of widespread malevolent idiocy...

    • is the USA literally the ONLY country that does not use the metric system? dammmmmn..
  • by rborek ( 563153 ) on Saturday September 13, 2003 @02:43PM (#6952862)
    As long as there are people creating software, there will always be security bugs in the operating system. You just can't go over millions of lines of code and spot every bug that can result in a security breach - especially if two portions of code combined are the reason for the breach (those two pieces of code can be hundreds of thousands of lines of code apart). I predict that they'll certify an operating system secure... and then the next day a security alert will be announced for it. Microsoft has come a long way from their old operating systems - Windows Server 2003 is much more secure, but no operating system will ever be 100% secure as long as there are hackers out there to test every possible vulnerability... and the fact that there are administrators out there that may not secure the OS down and make stupid configuration errors.
  • MS (Score:2, Funny)

    by defishguy ( 649645 )
    Oh yeah... remember the RPC implementation that Microsoft chose for RPC? IEEE 666

  • by Brett Johnson ( 649584 ) on Saturday September 13, 2003 @03:15PM (#6953019)
    This is a slap in the face of Microsoft. But obviously Microsoft will be solicited for input.
    Unfortunately, I see one (or both) of two things happening:

    1) "This standard will enable mass production of a class of operating systems that meet
    the minimum expectations of consumers for security and general reliability by establishing
    a floor for these characteristics,"

    MS will attempt to set the "floor" to be barely above its current standard for security and reliability.

    2) Microsoft will drag the whole thing down some "Trusted Computing" DRM rathole.
  • Liability (Score:2, Interesting)

    by Free_Meson ( 706323 )
    When this standard is in place and a company, say, microsoft, releases an operating system that they claim is secure but is not and does not follow the standard accepted for security by the rest of the industry, and its security fails as a result of this noncompliance, could microsoft then be sued for damages?
  • It's about time a disinterested body tries to set some standards for software development. In hardware design, this has long been the case. No one invests millions in developing chips without following some generally agreed standards to allow it to operate with other hardware components. In the software industry however, there seem to be no standards boards. Instead, developers, whether they are Unix, Windows, MacOS, etc., create their own standards, and expect everyone else to follow them, or even worse, r
  • Remember that Windows was much-touted as being compliant with some fancy security specs some time back... I forget the name of the spec, but basically only Windows NT 3.5x qualified, and only when it wasn't plugged into a network. Apparently, this security spec was a big thing, and MSites on and off SlashDot were frequently citing it as proof of NT's readiness to play with the "big boys" in the server room.

    Common Criteria might be the spec I'm thinking of... or maybe it was something else. In any case
  • by gidds ( 56397 ) <slashdot@gidd[ ]e.uk ['s.m' in gap]> on Saturday September 13, 2003 @05:11PM (#6953581) Homepage
    A secure OS is of course very important. (For large values of 'secure'.) But what proportion of current problems are caused by the OS, and what proportion by apps?

    I don't use a PC, so I've largely ignored Blaster and the other recent viruses/worms/&c, but aren't at least some of them down to Outlook and other insecure apps? If every OS suddenly became 100% secure (if such a thing existed) tomorrow, how many problems would remain?

  • Priorities (Score:3, Interesting)

    by Detritus ( 11846 ) on Saturday September 13, 2003 @06:24PM (#6953928) Homepage
    It won't mean a damn thing if software designers and programmers don't readjust their priorities. That includes Microsoft and the open source community.

    More times than I care to recall, a decision has had to be made between the right way and the fast way. The fast way almost always wins, even if it is fragile and error-prone.

    Is the computing community willing to give more than lip service to security and reliability? Past history says no.

  • by Skapare ( 16644 ) on Saturday September 13, 2003 @06:50PM (#6954059) Homepage

    You have to trust something. That which is trusted has to operate in a way that if it were made to do the wrong things, it would do the wrong things. Trust is the belief that it is not going to do the wrong things. That which is not trusted has to be operated in a way that restricts its ability to do wrong things. But you cannot operate everything in the restrictive way because you have to trust the very mechanisms of restriction itself. And that generally means the kernel of the operating system, and most of the hardware, have to be trusted to do the right things.

    But the biggest issue is how do you establish that trust? Are you going to personally inspect every line of source code, and understand what it does? Are you going to inspect the engineering of the CPU and associated hardware that can influence how the CPU operates? Because we generally cannot do this on things as complex as computers or software, we have to establish trust by some proxy. If we know someone, and trust them, who has done all that, then we might trust the system. But there really isn't likely to be very many people around who can do that, and perhaps none at all. So somehow we have to aggregate that trust proxy, and conclude on the basis of some combination of information, that something is trustable. But this isn't genuine trust. We cannot be certain that something is truly trustworthy just because someone says it is, or that a combination of others say it is.

    Ultimately, we have to accept, and learn to deal with, the fact that trust is imperfect. We have to trust not that something cannot do the wrong thing, but that it is highly unlikely to do the wrong thing, and have contingency plans to be able to deal with it doing the wrong thing, which includes knowing that it did the wrong thing (it might try to hide that fact from you). The level we have to use to establish that trust will thus depend on the real and potential costs of the contingency (such as cleaning up the mess it leaves behind, restoring data, etc).

    In order to reduce your contingency costs, you have to establish greater criteria of trust. But the trust has a cost as well (for example hiring several computer scientists to inspect and analyze the code, as well as performing background checks on them to make sure they have no other motives, and even this has costs). It's all a balancing act. And where the optimal balance is will depend on many factors. As your contingency costs increase (a military has very high contingency costs, as it could mean losing to an opponent), your level of trust establishment needs to increase as well.

    A standard for security has to address the fact that trust is imperfect, and that different entities will have different contingency costs. So it has to be flexible over a wide range of optimal levels of trust. If it is too rigid, it cannot be universally adopted, and will end up not being in common use (though it might find a niche use in areas matching its trust metrics). Those who are developing such a standard will at the very least need to state up front what the goal is. Is this something they expect to be usable in both a military high command setting, and in a casual home user setting? Unfortunately, I see none of this in the base document [bosswg.org] at the BOSS working group [bosswg.org] site.

  • While it's obviously possible to write reliable, secure software in C, the language doesn't offer any help to a programmer wanting to do so, and is in many ways a hindrance. And although C++ is better in some ways, it actually has most of the drawbacks of C since it is basically a superset.

    The first step to solving the OS security problem, IMNSHO, is to build the OS in a real high-level language, instead of a portable assembly language. (Who was it that said that C combines the power and flexibility of

  • At first glance, I mis-parsed the title of the article as "IEEE to Standardize OS Security Compromises"
