1998-11-15 - NSA on OS Flaws

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: af04d6b20180572b08f61f27cb5f0d3b531f0441f11bc784dfb6d3d9779a2a34
Message ID: <199811150212.VAA01270@camel8.mindspring.com>
Reply To: N/A
UTC Datetime: 1998-11-15 02:34:09 UTC
Raw Date: Sun, 15 Nov 1998 10:34:09 +0800

Raw message

From: John Young <jya@pipeline.com>
Date: Sun, 15 Nov 1998 10:34:09 +0800
To: cypherpunks@toad.com
Subject: NSA on OS Flaws
Message-ID: <199811150212.VAA01270@camel8.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain



An NSA team presented at NISSC98 in October
"The Inevitability of Failure: The Flawed Assumption 
of Security in Modern Computing Environments:"

  http://jya.com/paperF1.htm  (62K)

  Abstract

  Although public awareness of the need for security in 
  computing systems is growing rapidly, current efforts 
  to provide security are unlikely to succeed. Current 
  security efforts suffer from the flawed assumption 
  that adequate security can be provided in applications 
  with the existing security mechanisms of mainstream 
  operating systems. In reality, the need for secure 
  operating systems is growing in today's computing 
  environment due to substantial increases in connectivity 
  and data sharing. The goal of this paper is to motivate 
  a renewed interest in secure operating systems so that 
  future security efforts may build on a solid foundation. 
  This paper identifies several secure operating system 
  features which are lacking in mainstream operating 
  systems, argues that these features are necessary to 
  adequately protect general application-space security 
  mechanisms, and provides concrete examples of how 
  current security solutions are critically dependent on 
  these features.

  Keywords: secure operating systems, mandatory security, 
  trusted path, Java, Kerberos, IPSEC, SSL, firewalls.

-----

The paper advocates greater research on vulnerabilities
of operating systems which allow malicious attackers to
circumvent application-level security, including 
cryptographic protection. Ways to get around hardware
and software crypto are outlined.

Covert channels are a prime concern, as well as benign
use inadverdently allowing malicious intrusion.

An extensive list of references trace the twenty-five 
year history of OS flaws and examine why so little has 
been done to correct known deficiencies which undermine 
seemingly unbreachable applications.

Readings about DTOS, Fluke, Flash and other developments
of the NSA-sponsored Synergy program are illuminating.

The recent republication of early compsec documents by
CSRC is appropriate to this topic, particularly, "Subversion:
The Neglected Aspect of Computer Security," by Philip Myer,
June 1980, a thesis at NPS:

   http://csrc.nist.gov/publications/history/myer80.pdf

Not that NSA would ever exploit OS weaknesses not warned 
about.

-----

Thanks to JM/RH for pointing to the NISSC papers.







Thread