From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: af04d6b20180572b08f61f27cb5f0d3b531f0441f11bc784dfb6d3d9779a2a34
Message ID: <199811150212.VAA01270@camel8.mindspring.com>
Reply To: N/A
UTC Datetime: 1998-11-15 02:34:09 UTC
Raw Date: Sun, 15 Nov 1998 10:34:09 +0800
From: John Young <jya@pipeline.com>
Date: Sun, 15 Nov 1998 10:34:09 +0800
To: cypherpunks@toad.com
Subject: NSA on OS Flaws
Message-ID: <199811150212.VAA01270@camel8.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain
An NSA team presented at NISSC98 in October
"The Inevitability of Failure: The Flawed Assumption
of Security in Modern Computing Environments:"
http://jya.com/paperF1.htm (62K)
Abstract
Although public awareness of the need for security in
computing systems is growing rapidly, current efforts
to provide security are unlikely to succeed. Current
security efforts suffer from the flawed assumption
that adequate security can be provided in applications
with the existing security mechanisms of mainstream
operating systems. In reality, the need for secure
operating systems is growing in today's computing
environment due to substantial increases in connectivity
and data sharing. The goal of this paper is to motivate
a renewed interest in secure operating systems so that
future security efforts may build on a solid foundation.
This paper identifies several secure operating system
features which are lacking in mainstream operating
systems, argues that these features are necessary to
adequately protect general application-space security
mechanisms, and provides concrete examples of how
current security solutions are critically dependent on
these features.
Keywords: secure operating systems, mandatory security,
trusted path, Java, Kerberos, IPSEC, SSL, firewalls.
-----
The paper advocates greater research on vulnerabilities
of operating systems which allow malicious attackers to
circumvent application-level security, including
cryptographic protection. Ways to get around hardware
and software crypto are outlined.
Covert channels are a prime concern, as well as benign
use inadverdently allowing malicious intrusion.
An extensive list of references trace the twenty-five
year history of OS flaws and examine why so little has
been done to correct known deficiencies which undermine
seemingly unbreachable applications.
Readings about DTOS, Fluke, Flash and other developments
of the NSA-sponsored Synergy program are illuminating.
The recent republication of early compsec documents by
CSRC is appropriate to this topic, particularly, "Subversion:
The Neglected Aspect of Computer Security," by Philip Myer,
June 1980, a thesis at NPS:
http://csrc.nist.gov/publications/history/myer80.pdf
Not that NSA would ever exploit OS weaknesses not warned
about.
-----
Thanks to JM/RH for pointing to the NISSC papers.
Return to November 1998
Return to “John Young <jya@pipeline.com>”
1998-11-15 (Sun, 15 Nov 1998 10:34:09 +0800) - NSA on OS Flaws - John Young <jya@pipeline.com>