aleph1at_private wrote:
> We have all heard the old security principle of not filtering out
> known bad input but filtering in known good input, but I've never heard
> it "named" like we name the "principle of least privilege". Do you know
> of any such name? I am thinking of simply christening the principle of
> inclusion.

Most questions like this can be resolved by referring to Saltzer &
Schroeder's 1975 paper "The Protection of Information in Computer
Systems". This is a landmark paper that defines & categorizes almost
everything that matters in secure system design and implementation.
1975 is kind of an old journal for most people to try to dig up, so the
paper is helpfully available online here:

http://web.mit.edu/Saltzer/www/publications/protection/index.html

For those thinking "Hmpf. Dusty, old, ... irrelevant." I thought that
too, until I read it. This paper is amazing. Some of the terminology
appears to be out of date; it spends a lot of time talking about shared
memory segment control registers. Ignore all that pap and substitute
"shared file system" and the issues come back into focus.

To Aleph's specific question: this is the principle of "Fail-safe
defaults", which Saltzer & Schroeder discuss here

http://web.mit.edu/Saltzer/www/publications/protection/Basic.html

and cite E. Glaser 1965 as the original source.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.  http://wirex.com
Security Hardened Linux Distribution:        http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
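The distinction the thread is about, "filter out known bad" versus "filter in known good" (Saltzer & Schroeder's fail-safe default), in code. This is an added example, not code from the original thread or from any of its participants: a hypothetical username field validated both ways, with constructed sample inputs, so the gap between the two approaches is visible on concrete values.

```python
import re

# Constructed sample inputs (not from the original thread): values a
# username field might receive, some well-formed and some not.
SAMPLE_INPUTS = [
    "alice",          # well-formed
    "bob_42",         # well-formed
    "Alice",          # uppercase: outside the defined format
    "alice\n",        # trailing newline: easy to miss in a denylist
    "ali\u200bce",    # zero-width space: invisible, never on a denylist
    "alice;bob",      # contains a character the denylist does anticipate
    "",               # empty
]

# "Filter out known bad": the author enumerates characters they consider
# dangerous. Anything they did not think of is accepted by default, so the
# default outcome on an unanticipated input is acceptance.
DENYLIST_CHARS = frozenset(";|&`$<>'\"")


def denylist_validate(value: str) -> bool:
    """Return True unless the value contains a denylisted character."""
    return not any(ch in DENYLIST_CHARS for ch in value)


# "Filter in known good" (fail-safe default): the author defines exactly
# what a valid value looks like; anything outside that definition is
# rejected, including inputs nobody anticipated.
# fullmatch() is used rather than a '$' anchor because '$' also matches
# just before a trailing newline, which would silently admit "alice\n".
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def allowlist_validate(value: str) -> bool:
    """Return True only if the whole value matches the username grammar."""
    return USERNAME_RE.fullmatch(value) is not None


def compare(values):
    """Map each input to its (denylist verdict, allowlist verdict)."""
    return {v: (denylist_validate(v), allowlist_validate(v)) for v in values}


def unanticipated_accepts(values):
    """Inputs the denylist lets through but the allowlist rejects: the gap
    between 'known bad' and 'known good'."""
    return [v for v in values
            if denylist_validate(v) and not allowlist_validate(v)]


if __name__ == "__main__":
    for value, (deny_ok, allow_ok) in compare(SAMPLE_INPUTS).items():
        print(f"{value!r:14} denylist={deny_ok!s:5} allowlist={allow_ok!s:5}")
    print("slipped past the denylist:", unanticipated_accepts(SAMPLE_INPUTS))
```

The denylist catches only the one input its author foresaw (`"alice;bob"`) and waves through the newline, the zero-width space, the wrong case and the empty string; the allowlist needs no knowledge of any of them because it never had to enumerate what is bad, only what is good.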
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:33:04 PDT