Re: Principle of Inclusion?

From: Crispin Cowan (crispinat_private)
Date: Tue Jun 26 2001 - 20:16:52 PDT

  • Next message: JoanMa Mas Ribes: "Re: CDSA-biometrics"

    aleph1at_private wrote:
    
    >   We have all heard the old security principle of not filtering out
    > known bad input but filtering in known good input, but I've never heard
    > it "named" like we name the "principle of least privilege". Do you know
    > of any such name? I am thinking of simply christening the principle of
    > inclusion.
    
    Most questions like this can be resolved by referring to Saltzer &
    Schroeder's 1975 paper "The Protection of Information in Computer
    Systems".  This is a landmark paper that defines & categorizes almost
    everything that matters in secure system design and implementation.  1975
    is kind of an old journal for most people to try to dig up, so the paper
    is helpfully available on line here
    http://web.mit.edu/Saltzer/www/publications/protection/index.html
    
    For those thinking "Hmpf.  Dusty, old, ... irrelevant."  I thought that
    too, until I read it.  This paper is amazing.  Some of the terminology
    appears to be out of date; it spends a lot of time talking about shared
    memory segment control registers.  Ignore all that pap and substitute
    "shared file system" and the issues come back into focus.
    
    To Aleph's specific question:  this is the principle of "Fail-safe
    defaults", which Saltzer & Schroeder discuss here
    http://web.mit.edu/Saltzer/www/publications/protection/Basic.html and cite
    E.Glaser 1965 as the original source.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:33:04 PDT