Re: Secure OS Thoughts

From: Douglas A. Gwyn (DAGwyn_at_null.net)
Date: 08/30/03


Date: Sat, 30 Aug 2003 02:42:31 -0400

Martin Bealby wrote:
> This set me
> thinking, why has nobody created a secure operating system.

There have been several such.

It is true that it is much more reliable, and more cost-
effective, to build security in from the outset than to
try to retrofit it onto an existing system. What has
been rather well established is that simplicity is a
strong ally when creating secure operation.

The *biggest* single obstacle to establishing security
on the systems most people actually use, is that the
users demand support for all the features (bells and
whistles) that they are now accustomed to, and quite
simply that means using *unsecurable* protocols and
trusting agents of *unknowable* trustworthiness. The
commercial exploitation of the Internet would take a
fatal blow if it were forced to embed genuine security,
and the will and direction necessary for that are just
not present. Even the DoD has surrendered control of
their own communications design and largely gone over
to using crappy stuff like Windows with IPv4. I miss
the good old days when experienced communication
security engineers designed and built our systems.
But it's a lot cheaper to not have decent security,
so...

Excellent security is just *not* a serious priority
and/or the people making such decisions don't have a
clue (same thing in my opinion).

> Needed capabilities:

Yes, but not in the sense that you intended.

Your list was well-intentioned, but neither necessary
nor sufficient to obtain a high level of security, and
it would all be subverted anyway in practice. What is
truly needed is a nonsubvertible underlying mechanism.
Capas (all the way down to instruction level) perhaps.
The IBM System/38 was an interesting experiment that
got *some* of the basics right, but it had no effect on
the design of current systems.
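The "nonsubvertible underlying mechanism" the post asks for is easiest to see by contrast with what it replaces. The following is an added example, not code from the original post: a toy model of the classic confused-deputy failure under ambient (ACL-style) authority, beside the same service rewritten to act only through capabilities it is handed. The file paths, the "compiler" service and the in-memory filesystem are constructed for the demonstration. Python cannot make a capability unforgeable (nothing stops a caller from building a FileCap on a path it was never given); in a real capability system that enforcement comes from the kernel or from hardware, such as the tagged pointers of the System/38, so the code shows the discipline, not the enforcement.

```python
"""Added example: confused deputy under ambient authority vs. object capabilities."""

from dataclasses import dataclass, field
from typing import Dict, FrozenSet

# Constructed sample paths; nothing here touches the real filesystem.
SECRET = "/etc/secret.key"
REPORT = "/home/alice/report.txt"


def fresh_fs() -> Dict[str, str]:
    """Constructed in-memory 'filesystem': path -> contents."""
    return {REPORT: "quarterly numbers", SECRET: "TOP-SECRET"}


# ---- Model 1: ambient authority (ACL style) -------------------------------
# The compile service runs with the right to write anywhere. Callers pass
# *names*; the service cannot tell which names the caller was entitled to,
# so it acts on its own authority. That is the confused deputy.

def ambient_compile(fs: Dict[str, str], src_path: str, out_path: str) -> None:
    fs[out_path] = "compiled:" + fs[src_path]


def confused_deputy_attack() -> str:
    """Alice may only write under /home/alice, but she names the secret as output."""
    fs = fresh_fs()
    ambient_compile(fs, REPORT, SECRET)
    return fs[SECRET]  # the secret has been clobbered by the deputy


# ---- Model 2: object capabilities ------------------------------------------
# A capability is a reference that carries its own rights. The deputy is
# handed capabilities, not names, so it can only do what its caller could.

@dataclass(frozen=True)
class FileCap:
    fs: Dict[str, str] = field(repr=False, compare=False)
    path: str = ""
    rights: FrozenSet[str] = frozenset()

    def read(self) -> str:
        if "r" not in self.rights:
            raise PermissionError(f"no read right on {self.path}")
        return self.fs[self.path]

    def write(self, data: str) -> None:
        if "w" not in self.rights:
            raise PermissionError(f"no write right on {self.path}")
        self.fs[self.path] = data

    def attenuate(self, rights: str) -> "FileCap":
        """Derive a weaker capability; rights can only shrink, never grow."""
        return FileCap(self.fs, self.path, self.rights & frozenset(rights))


def capability_compile(src: FileCap, out: FileCap) -> None:
    """The deputy has no authority of its own; it acts only through the caps given."""
    out.write("compiled:" + src.read())


def issue_caps(fs: Dict[str, str], owner_prefix: str) -> Dict[str, FileCap]:
    """Stand-in for the kernel: each principal gets caps only for files it owns."""
    return {p: FileCap(fs, p, frozenset("rw")) for p in fs if p.startswith(owner_prefix)}


def capability_model_attack():
    """Same attacker, same deputy logic, but no path to the secret exists."""
    fs = fresh_fs()
    alice = issue_caps(fs, "/home/alice/")
    assert SECRET not in alice  # she was never handed a cap for it, so cannot name it

    # Legitimate use: read-only cap as source, read-write cap as destination.
    capability_compile(alice[REPORT].attenuate("r"), alice[REPORT])

    # Abuse attempt: try to make the deputy write through a read-only cap.
    try:
        capability_compile(alice[REPORT], alice[REPORT].attenuate("r"))
        denied = False
    except PermissionError:
        denied = True
    return fs[SECRET], denied  # ("TOP-SECRET", True): secret intact, abuse refused
```

The point is not that the capability version has more checks; it has fewer. The deputy's code is the same one line in both models. What changed is that authority travels with the reference instead of being looked up from an ambient identity, so there is no step at which a "should I?" check can be forgotten or bypassed, which is exactly why it is the layer below the feature list that has to be gotten right.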


