Secure Coding mailing list archives

Software Assist to Find Least Privilege


From: coley at linus.mitre.org (Steven M. Christey)
Date: Tue, 25 Nov 2008 12:56:58 -0500 (EST)


On Tue, 25 Nov 2008, Mark Rockman wrote:

Assuming this is repeated for every use case, the resulting
reports would be a very good guide to how CAS settings should be
established for production.  Of course, every time the program is changed
in any way, the process would have to be repeated.

Better - and absolutely unachievable any time soon - would be for the
application itself to more explicitly state what its requirements of the
OS are, and what its intended behaviors are.  Kind of like SELinux but
simpler.  More easily said than done, but until we develop richer models
for representing what an application's legitimate behaviors are, then
automated detection of these types of issues is likely to be difficult.

- Steve

