Re: Reasons for Inclusion

From: jmjonesat_private
Date: Fri Mar 22 2002 - 13:50:54 PST

  • Next message: jmjonesat_private: "Re: Reasons for Inclusion"

    On Fri, 22 Mar 2002, Jesse Pollard wrote:
    
    > jmjonesat_private:
    > > 
    > > Has anybody written a paper, or a list, or a set of notes that respond to
    > > the following question, yet?
    > > 
    > > "
    > > Since secure-systems are a minority of installed systems, and the LSM code
    > > works exceptionally well with a common-patch, why should this patch enter
    > > into the "official" code tree for Linux and not simply track it as a
    > > shared resource for secure-system developers, developed outside the 'stock
    > > kernel' tree?
    > > "
    > > 
    > > Risking My Unpopularity
    > > To Ask a Question Early,
    > > That Will CERTAINLY Be Asked Eventually,
    > > Hopefully to get some REALLY GOOD REASONS (RGR's),
    > > J. Melvin Jones
    > > 
    > > P.S. -- I'm an easily beaten "gat-fly". :)
    > 
    > How about:
    > 
    > One reason secure systems are a minority is that the administrators and users
    > are not aware that higher levels of security are even possible.
    
    GREAT!  Interchangable modules WILL allow more administrators to apply
    secure solutions without recompiling the kernel... depending on how easy
    it is to aquire modules. :)  Couldn't a "standard patch" equally serve
    this need?  "5 steps to greater security."  Would the difficulty in
    patching the kernel outweigh the difficulty of configuring the
    module/solution?
    
    > 
    > In many cases, they may hear of "trusted computing" or perhaps even "orange
    > book B1" (or the new buzphrase "trustworty computing"). But without an example
    > of one it is impossible to determine if such a beast would be usefull. Much
    > less learn how to use it.
    
    Not sure how LSM helps this.
    
    > 
    > Once an implementation (or in our case, hooks) become standard, it becomes
    > much easier to add a module, configure it, and evaluate the result. This
    > breeds understanding. Understanding of multiple security models will expand
    > the range of security awareness, and lead to more secure systems being
    > implemented and actually used.
    
    Easier, yes, but only in the model (paradigm) that LSM has espoused.  Is
    there a good justification for this, or is it simply based on "common
    thinking" rather than "forward/theoretical thinking?"
    
    > 
    > There will need to be a lot of documentation and "how to" texts written, but
    > that will come with/when knowlegeable administrators try them out, and ask
    > questions.
    > 
    
    Not an advantage, IMHO.  Various other solutions will have to provide
    various-other documentation.  Would a "suggestion/advert line" in the 
    documentation be equally useful to LSM?
    
    > It also will expand the confidence of some administrators just knowing that
    > if it DID become necessary/mandatory, it is possible to increase the security
    > level of the system.
    
    It's possible now.  I've done it, most of my "compatriots" have done it,
    but not nearly as well as LSM has done.  My solutions have never been LSM
    compatible.  We want CHOICES, and we want them to be enumerated and
    argued.
    
    > 
    > In some environments it is already mandated to have more security than that
    > defined as "C2", but it isn't being done just because "it isn't standard"
    > or "it's too expensive" (the usual answer I get :).
    
    Can LSM support C2 fully, verifiably, and certifiably?  That's an
    advantage, if it can.  Has anybody proved this (at least in a paper?)
    
    > 
    > Several medical databases are/have been implemented on multiple servers, with
    > disjoint data bases/networks simply because there are so few systems that
    > CAN be made more secure. This introduces errors (and expesive hardware
    > duplication) becuase data must be entered two or more times, once for each
    > database.
    
    Linux is open sourse, it can be extended, and WELL WRITTEN APPLICATIONS
    can serve such needs well, now.  LSM is a low(ish) level thing, is it
    necessary for this purpose?
    
    > 
    > -------------------------------------------------------------------------
    > Jesse I Pollard, II
    > Email: pollardat_private
    > 
    > Any opinions expressed are solely my own.
    > 
    
    Thanks Jesse,
    Good Points (to me),
    Hopefully Addressable,
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 13:53:15 PST