Topic: limitations of system security

Subtopic: limitations of security

Quote: cryptography can not protect us with mathematics; it can not keep our secrets safe, nor protect our electronic interactions [»schnB_2000]
Quote: botnet software supports SYN flood, ICMP flood, HTTP flood, and denial of service configuration; update to maximize the similarity between attack traffic and normal traffic [»pengT4_2007]
Quote: denial of service defense requires cooperation between ISPs to block malicious traffic near its source [»pengT4_2007]
Quote: limit damage instead of preventing security attacks [»karpAH12_2003]
Quote: security is relative; a security proof requires a model of the system and a model of the attacker [»mitcJC1_2001]
Quote: although conventional security concerns protection, an interactive system needs recovery tools, e.g., undo and restore damaged data [»bereG9_1982]
Quote: passwords are hard to maintain and reduce productivity; better to use short passwords that change yearly [»zippJ6_2001]
Quote: cryptosystems fail because of organizational problems instead of high-tech attacks; blunders, insider information, or simplistic technical procedures [»andeRJ11_1994]
Quote: no matter what is done, small mistakes with large consequences will still occur; prolonged field testing is necessary for a payment system [»andeRJ5_1996]
Quote: most frauds were due to loopholes caused by design and management errors; exploited opportunistically by operators and customers; for example, shorting the 11 kV feeder to credit a meter [»andeRJ5_1996]
Quote: a compiler or assembler can insert a trap door when compiling a ring 0 module; hidden even when recompiling the compiler [»kargPA6_1974]
Quote: passwords and security audits are no more than "security blankets" as long as hardware and software are vulnerable [»kargPA6_1974]

Subtopic: security involves people

Quote: palpable, useful security involves people -- things people know, relationships between people, and how people relate to machines; while digital security involves complex, unstable computers [»schnB_2000]
Quote: the World Wide Military Command and Control System was developed and deployed by uncleared personnel using an open time sharing system; vulnerable to trap door insertions [»kargPA6_1974]
Quote: while operating systems emphasize protection of data from others, interactive users need protection from themselves
Quote: good security encompasses prevention, detection, and reaction; e.g., a vault with alarms and the threat of arrest [»schnB_2000]
Quote: digital security relies on prevention while ignoring detection, response, and auditing

Subtopic: security audit

Quote: functional testing does not identify security flaws; need public, expert evaluation [»schnB_2000]
Quote: easily demonstrated malicious software attacks; e.g., a trap door triggered by a password, not found by quality assurance [»kargPA12_2002]
Quote: QA and ethical hacks are useless against trap doors triggered by a unique key [»kargPA12_2002]
Quote: easily attacked Multics security via hardware, software, and procedures; extracted or modified sensitive data without detection; 250 manhours of effort [»kargPA6_1974]

Subtopic: scale

Quote: huge operating systems with poor fault isolation; any statement can overwrite key data structures of unrelated components [»taneAS5_2006]

Subtopic: code not trustworthy

Quote: you can only trust code that you create; source-level verification or scrutiny can not catch unsecure code [»thomK8_1984]
Quote: can recompile the C compiler to introduce Trojan horse bugs invisibly [»thomK8_1984]

Subtopic: physical security

Quote: PGP assumes physical security of your system and key rings; otherwise an intruder could tamper with PGP itself [»zimmPR_1995]
Quote: physically secure your own secret key and pass phrase; if it is revealed then anyone can sign in your name [»zimmPR_1995]
Quote: physical access to a device negates the security of its software contents; e.g., media players and game boxes [»nislE1_2007]

Subtopic: cost of protection domain

Quote: protection domain transfers take 200 instructions compared to 50 for the event dispatcher; need to limit use, e.g., separate web server from NFS and file cache operations [»grimR2_2001]

Subtopic: persistent storage

Quote: sensitive data should not be written to disk; lock into memory instead [»gutmP7_1996]
Quote: magnetic force microscopy can read everything ever written to a magnetic disk [»gutmP7_1996]

Subtopic: openness vs. privacy

Quote: most users most of the time prefer openness over privacy [»kernBW9_1978]

Subtopic: minimal security

Quote: Mesa is designed for cooperating processes; no protection other than write-protected pages [»johnRK3_1982]
Quote: a KMS frame can be annotate-only, but most frames are left unprotected to encourage correction of typos [»akscRM7_1988a]
Quote: SUIT allows global-level properties to be locked; prevents problems from users randomly changing the properties [»pausR10_1992]

Subtopic: random numbers

Quote: random number generators may be insecure; e.g. using current time and process ID as the seed [»gutmP1_1998]

Subtopic: Internet security

Quote: internet security made worse by complexity, rapid change, connectivity, more users, anonymous, democratic [»zippJ6_2001]

Subtopic: electronic voting

Quote: remote electronic voting does not work for public elections; too many insecure facilities/programs and too little scrutiny [»rubiAD12_2002]
Quote: tampering with a mechanical voting machine is visible after the fact; but a software attack can leave the machine exactly the same [»nislE1_2007]

Subtopic: restricts action

Quote: should not emphasize security; it disallows useful features such as call-by-name

Related Topics

Topic: extensible systems (22 items)
Topic: limitations of formalism (93 items)
Topic: open systems (33 items)
Topic: operating system security (18 items)
Topic: program proving is infeasible (47 items)
Topic: security leaks and weaknesses (67 items)

Updated barberCB 6/05
Copyright © 2002-2008 by C. Bradford Barber. All rights reserved.
Thesa is a trademark of C. Bradford Barber.