funsec mailing list archives

Re: Hey old people

From: Roland Dobbins <rdobbins () cisco com>
Date: Wed, 21 Dec 2005 12:45:57 -0800

Check out the commentary about how auditing something like OS/360 orGecos was practically impossible, as they're essentially big balls ofyarn, whereas auditing MULTICS is quite doable, because of itsmodular design and the availability of its source.

;>

Note that even though this study was completed in 1974, they refer tovulnerabilities found in 1972.


Here's thirty-year retrospective:

http://www.acsa-admin.org/2002/papers/classic-multics.pdf

On Dec 21, 2005, at 12:26 PM, Blue Boar wrote:

David Lodge wrote:
I love some of the quotes:
"Finally, and most important, current operating systems are solarge, so complex, [sic] and so monolithic that one cannot beginto attempt a formal proof or certification of their correctimplementation."
They'd have a field day with win 2k3 :-)
Indeed. They say that the programs are huge, as many as 100,000instructions! Much too large to audit properly. ;)
I believe there's another section that talks about correctnessproofs, except that the biggest programs to have been provencorrect have only been a few hundred lines. Real operating systemscan be a couple of orders of magnitude larger.
But there's some hope for structured programming from some guynamed Djisktra or something. :)
                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


--------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

 Algorithm agility is an essential feature in any Internet protocol.

                     -- Bruce Schneier



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: Hey old people, (continued)
- - - RE: Hey old people Larry Seltzer (Dec 21)
    - RE: Hey old people Drsolly (Dec 21)
    - Re: Hey old people Blue Boar (Dec 21)
    - Re: Hey old people Drsolly (Dec 21)
- Re: Hey old people Valdis . Kletnieks (Dec 21)
  - Re: Hey old people Blue Boar (Dec 21)
    - Re: Hey old people Roland Dobbins (Dec 21)
    - Re: Hey old people Blue Boar (Dec 21)
    - Re: Hey old people David Lodge (Dec 21)
    - Re: Hey old people Blue Boar (Dec 21)
    - Re: Hey old people Roland Dobbins (Dec 21)
    - Re: Hey old people Blue Boar (Dec 21)
    - Re: Hey old people Tom Van Vleck (Dec 22)
    - Re: Hey old people Drsolly (Dec 21)
    - Re: Hey old people Valdis . Kletnieks (Dec 21)
    - Re: Hey old people Tom Van Vleck (Dec 22)
    - Re: Hey old people dudevanwinkle () gmail com (Dec 22)
    - Re: Hey old people Blue Boar (Dec 22)
    - Re: Hey old people Drsolly (Dec 22)
    - Re: Hey old people Roland Dobbins (Dec 22)
    - Re: Hey old people Tom Van Vleck (Dec 22)

(Thread continues...)