Re: Security testing

Chuck McManus proposed:

>... security should be tested by a vulnerability
>analysis and not simply basic function tests. The idea is fairly simple to
>express, you identify all of the "bad" things that can happen, ... prune..

Grampaw tells me they tried that in the olden days of computer
security.  It was called "penetrate'n'patch" and consisted of testing
all the bad things until you ran out of time and/or money.  You
generally ran out of resources before you ran out of test cases.

That led to the design analysis requirements in the NCSC Orange Book.
Of course, nobody seems to have the time/money resources to do that,
either, except for really special cases (not nukes, their security
requirements would grow hair on a billiard ball).

>There is a technique and a mindset to designing secure systems, much like
>there is to building operating systems or language design. Unfortunately
>it doesn't get as much air time in university classes as it should.

I could fill a book with stuff universities should teach but don't.
This is probably closer to being able to happen than some topics,
since security is a global property that has interesting aspects when
analyzed with logical formalisms. So you can get tenure by doing it.

Rick.
smith@sctc.com       secure computing corporation