Linked by Eugenia Loli-Queru on Fri 3rd Jun 2005 02:45 UTC
Robert Watson has posted a number of status updates relating to various pieces of work going on in the TrustedBSD Project, and in particular, relating to integration of recent changes into the FreeBSD CVS tree for inclusion in the upcoming 6.0 release. This includes information on verified execution, the MAC Framework, the SEBSD port of NSA's FLASK/TE to FreeBSD, and the new security event audit framework in FreeBSD 6.0.
re: overcomplicated security
by Rich Massena on Fri 3rd Jun 2005 05:59 UTC

While I agree user testing should be an integral part of determining if a security methodology can be understood well enough to be implemented and utilized properly, I do not think the privilege model of Microsoft Windows is inherently complicated. A fundamental level of knowledge is necessary to administer a computer system, and security implementations must take into account the variability of knowledge and experience of the users of that technology. The presentation to the user should be as simple as possible and no simpler. Flask is more thorough than either Windows or *nix; being more complicated is a side-effect of that completeness.

Security flaws in Windows are at a more fundamental level, as they are also with other OSes on an untagged architecture with an executable stack. As I've said, the security implementation must take user interaction into account; there is a definite division between user-level and implementation level. The question is 'If the administrator follows all procedures properly, is the system secure?' Until that can be answered positively, the ultimate refinement of user-level protocol will never guarantee system security.