Re: Principle of Inclusion?

From: Giorgio Zoppi (zoppiat_private)
Date: Thu Jun 28 2001 - 10:24:14 PDT

    On Wed, Jun 27, 2001, listsat_private wrote:
    
    > From: aleph1at_private
    > 
    > >   We have all heard the old security principle of not filtering out
    > > known bad input but filtering in known good input, but I've never heard
    > > it "named" like we name the "principle of least privilege". Do you know
    > > of any such name? I am thinking of simply christening the principle of
    > > inclusion.
    > 
    > >   I am defining it as: The principle of inclusion tells us that when 
    > > performing input validation for security purposes we should not
    > > define what is considered invalid input and refuse any
    > > input that matches this definition, since our definition of what
    > > is invalid may not be complete, and that instead we should define what
    > > is considered valid input and refuse any input that does not match
    > > this definition.
    > 
    > Tanenbaum says in "Operating Systems Design and Implementation"
    >     Second, the default should be no access.  Errors in which legitimate
    >     access is refused will be reported much faster than errors in which
    >     unauthorised access is allowed.
    
    More simply, for the protection models he follows the two Denning principles:
    
    1) Closed Environment: No object has rights by default.
    2) Least Privilege: Every object has the rights strictly needed for
       that computing phase.
     
    
    And a safe input phase should follow the above principles.
     
    --  
    "Everything should be as simple as possible, 
       but no simpler" - Albert Einstein
    --
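
An added example, not part of the original message or thread: the two validation styles discussed above, run over the same constructed inputs to show which way each one fails. The login-name field, the `KNOWN_BAD` list, the `VALID_LOGIN` pattern and the sample values are all assumptions made for illustration.

```python
import re

# Hypothetical field: a login name. Everything below is constructed for
# illustration; none of it comes from the thread.

# Exclusion: enumerate input believed to be bad and refuse what matches.
KNOWN_BAD = ("'", '"', ";", "<", ">", "|", "&", "`", "$", "\\", "/")

def accept_by_exclusion(value):
    return not any(bad in value for bad in KNOWN_BAD)

# Inclusion: define what is valid and refuse everything else.
# fullmatch() is used so that nothing may trail the valid part.
VALID_LOGIN = re.compile(r"[a-z][a-z0-9_]{0,15}")

def accept_by_inclusion(value):
    return VALID_LOGIN.fullmatch(value) is not None

# Constructed samples: (value, whether it is a legitimate login name).
SAMPLES = [
    ("alice", True),
    ("bob_42", True),
    ("j.smith", True),       # legitimate, but the valid set forgot "."
    ("alice\n", False),      # trailing newline
    ("al\x00ice", False),    # embedded NUL byte
    ("", False),             # empty value
    ("a" * 300, False),      # oversized value
    ("\u0430lice", False),   # Cyrillic letter that looks like Latin "a"
]

def audit(validator):
    """Return (wrongly_accepted, wrongly_refused) for the samples."""
    wrongly_accepted = [v for v, ok in SAMPLES if validator(v) and not ok]
    wrongly_refused = [v for v, ok in SAMPLES if not validator(v) and ok]
    return wrongly_accepted, wrongly_refused

if __name__ == "__main__":
    for name, validator in (("exclusion", accept_by_exclusion),
                            ("inclusion", accept_by_inclusion)):
        accepted, refused = audit(validator)
        print(name, "wrongly accepted:", [repr(v)[:24] for v in accepted])
        print(name, "wrongly refused: ", [repr(v)[:24] for v in refused])
```

The exclusion filter's gaps are silent acceptances of input nobody anticipated, while the inclusion filter's only gap is a refused legitimate user, which is the kind of error the Tanenbaum quote says gets reported quickly.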
    


