On Wed, Jun 27, 2001, listsat_private wrote:
> From: aleph1at_private
>
> > We have all heard the old security principle of not filtering out
> > known bad input but filtering in known good input, but I've never heard
> > it "named" like we name the "principle of least privilege". Do you know
> > of any such name? I am thinking of simply christening the principle of
> > inclusion.
>
> > I am defining it as: The principle of inclusion tells us that when
> > performing input validation for security purposes we should not
> > define what is considered invalid input and refuse any
> > input that matches this definition, since our definition of what
> > is invalid may not be complete, and that instead we should define what
> > is considered valid input and refuse any input that does not match
> > this definition.
>
> Tanenbaum says in "Operating Systems Design and Implementation"
> Second, the default should be no access. Errors in which legitimate
> access is refused will be reported much faster than errors in which
> unauthorised access is allowed.

More simply, for the protection models he follows the two Denning principles:

1) Closed Environment: No object has rights by default.
2) Least Privilege: Every object has the rights strictly needed for that computing phase.

And a safe input phase should follow the above principles.

--
"Everything should be as simple as possible, but no simpler"
 - Albert Einstein
--
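The two ideas in the thread side by side, as an added example that is not part of the original messages: an allow-list validator (the "principle of inclusion") next to a deny-list filter for contrast, and a closed-environment rights check where a missing entry means no access. The username rule, the deny-list characters, the sample inputs and the rights table are all constructed for illustration.

```python
import re

# Deny-list: accept unless a character we happen to know is dangerous appears.
# The set is constructed for illustration; any real deny-list is just as open-ended.
_KNOWN_BAD = set("'\";<>")


def deny_list_accepts(value: str) -> bool:
    """The approach the thread argues against: refuse what matches our list of bad input."""
    return not any(ch in _KNOWN_BAD for ch in value)


# Allow-list: accept only what is known good. Constructed rule for a username field:
# 3-16 characters, starting with a lowercase letter, then lowercase letters,
# digits or underscore. re.fullmatch is used so a trailing newline cannot slip past
# the way it would with a '$' anchor.
_USERNAME = re.compile(r"[a-z][a-z0-9_]{2,15}")


def allow_list_accepts(value: str) -> bool:
    """Principle of inclusion: refuse anything that does not match the definition of valid."""
    return _USERNAME.fullmatch(value) is not None


# Constructed sample inputs: one benign, one obviously bad, and several that are
# not on the deny-list but are still not a valid username.
SAMPLES = ["alice", "bob'--", "", "carol\x00", "dave%27", "eve\n", "Frank"]


def disagreements(samples=SAMPLES) -> list:
    """Inputs the deny-list lets through but the allow-list refuses."""
    return [s for s in samples if deny_list_accepts(s) and not allow_list_accepts(s)]


# Closed environment (Denning / Tanenbaum's "default should be no access"):
# a (subject, object) pair that is absent from the table has no rights at all,
# and a listed pair has only the rights explicitly granted. Constructed table.
_RIGHTS = {
    ("alice", "report.txt"): frozenset({"read"}),
    ("bob", "report.txt"): frozenset({"read", "write"}),
}


def authorized(subject: str, obj: str, right: str) -> bool:
    """Grant only what the table lists; an unknown subject or object gets nothing."""
    return right in _RIGHTS.get((subject, obj), frozenset())


if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "deny-list:", deny_list_accepts(s), "allow-list:", allow_list_accepts(s))
    print("slipped past the deny-list:", disagreements())
    print("mallory read:", authorized("mallory", "report.txt", "read"))
```

Every entry that `disagreements()` returns is input the deny-list never thought of (an empty string, a NUL byte, a URL-encoded quote, a trailing newline, mixed case); the allow-list needed no update to refuse them, which is the thread's point about an incomplete definition of "invalid".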
This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 13:35:44 PDT