funsec mailing list archives
Re: Hey old people
From: Roland Dobbins <rdobbins () cisco com>
Date: Wed, 21 Dec 2005 12:45:57 -0800
Check out the commentary about how auditing something like OS/360 or Gecos was practically impossible, as they're essentially big balls of yarn, whereas auditing MULTICS is quite doable, because of its modular design and the availability of its source.
;>Note that even though this study was completed in 1974, they refer to vulnerabilities found in 1972.
Here's thirty-year retrospective: http://www.acsa-admin.org/2002/papers/classic-multics.pdf On Dec 21, 2005, at 12:26 PM, Blue Boar wrote:
David Lodge wrote:I love some of the quotes:"Finally, and most important, current operating systems are so large, so complex, [sic] and so monolithic that one cannot begin to attempt a formal proof or certification of their correct implementation."They'd have a field day with win 2k3 :-)Indeed. They say that the programs are huge, as many as 100,000 instructions! Much too large to audit properly. ;)I believe there's another section that talks about correctness proofs, except that the biggest programs to have been proven correct have only been a few hundred lines. Real operating systems can be a couple of orders of magnitude larger.But there's some hope for structured programming from some guy named Djisktra or something. :)BB _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
-------------------------------------------------------------------- Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice Algorithm agility is an essential feature in any Internet protocol. -- Bruce Schneier _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Hey old people, (continued)
- RE: Hey old people Larry Seltzer (Dec 21)
- RE: Hey old people Drsolly (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Drsolly (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Roland Dobbins (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people David Lodge (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Roland Dobbins (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Tom Van Vleck (Dec 22)