* security
@ 1991-06-04 21:58 Steve Vestal
0 siblings, 0 replies; 12+ messages in thread
From: Steve Vestal @ 1991-06-04 21:58 UTC (permalink / raw)
I would appreciate receiving pointers to any (proposed) standards, surveys, or
"typical" requirements for security in embedded systems. I'm not talking
about Orange book type stuff, but rather about compartmentalized or red/black
security requirements that might be imposed on embedded systems. Thanks in
advance.
Steve Vestal
Mail: Honeywell S&RC MN65-2100, 3660 Technology Drive, Minneapolis MN 55418
Phone: (612) 782-7049 Internet: vestal@src.honeywell.com
^ permalink raw reply [flat|nested] 12+ messages in thread
* Security
@ 1996-05-15 0:00 Frank Cheung
1996-05-15 0:00 ` Security Theodore E. Dennison
0 siblings, 1 reply; 12+ messages in thread
From: Frank Cheung @ 1996-05-15 0:00 UTC (permalink / raw)
Hello!
I have written a program in Ada83, and would like to provide some security
features to it:
(1) the user should not be able to exit using ctrl-d, ctrl-z, etc.
(2) password access to enter and exit the program.
Are there any routines or packages available to do this? Thank you very
much in advance.
Regards,
Frank.
________________Frank Cheung | Computer Science (BSc) Year 2_______________
/ fktc101@york.ac.uk | 0881-800800 a/c 841276 | +44-1904-430000 ext 4250 \
|James College, University of York, Heslington, Y01 5DD, York, United Kingdom|
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
1996-05-15 0:00 Security Frank Cheung
@ 1996-05-15 0:00 ` Theodore E. Dennison
1996-05-15 0:00 ` Security Wayne Lawton
0 siblings, 1 reply; 12+ messages in thread
From: Theodore E. Dennison @ 1996-05-15 0:00 UTC (permalink / raw)
Frank Cheung wrote:
>
> I have written a program in Ada83, and would like to provide some security
> features to it:
>
> (1) the user should not be able to exit using ctrl-d, ctrl-z, etc.
> (2) password access to enter and exit the program.
>
> Are there any routines or packages available to do this? Thank you very
> much in advance.
>
In Ada? No. Bundled with your compiler? Probably.
--
T.E.D.
| Work - mailto:dennison@escmail.orl.mmc.com |
| Home - mailto:dennison@iag.net |
| URL - http://www.iag.net/~dennison |
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
1996-05-15 0:00 ` Security Theodore E. Dennison
@ 1996-05-15 0:00 ` Wayne Lawton
0 siblings, 0 replies; 12+ messages in thread
From: Wayne Lawton @ 1996-05-15 0:00 UTC (permalink / raw)
Theodore E. Dennison wrote:
>
> Frank Cheung wrote:
> >
> > I have written a program in Ada83, and would like to provide some security
> > features to it:
> >
> > (1) the user should not be able to exit using ctrl-d, ctrl-z, etc.
> > (2) password access to enter and exit the program.
> >
> > Are there any routines or packages available to do this? Thank you very
> > much in advance.
> >
>
> In Ada? No. Bundled with your compiler? Probably.
>
Actually, there is such a package. I wrote a security package a few
years ago for an Army system called MPMIS. I have since been told that
a version of the package found its way into the Army Reuse Center
repository.
If that version isn't right, you may take a look at an Air Force system
called the Combat Ammunition System (CAS).
I would recommend the CAS version as being the more mature.
The algorithm uses a database to pass "I called/I was called by"
information between modules in the system. The package supports
multi-level security based on the UNIX model. That is users and groups
of users have no access, read access, or execute access to a particular
module in the system. The package does require a database to support
the tables. The package supports encryption of the userids and
passwords.
The package has been implemented in a multiple executable environment,
as well as a multi-thread cooperative processing environment.
Hope one of these pointers helps...
Wayne Lawton
WLawton@servtech.com
^ permalink raw reply [flat|nested] 12+ messages in thread
* UniParser 0.1 released.
@ 2003-03-10 16:12 Victor Porton
2003-03-10 18:46 ` Victor Porton
0 siblings, 1 reply; 12+ messages in thread
From: Victor Porton @ 2003-03-10 16:12 UTC (permalink / raw)
UniParser 0.1alpha released by Extreme Code Software.
Alpha - unknown bugs are possible, API may change.
See http://ex-code.com/uniparser/ . Also
(devel page) http://sf.net/projects/uniparser/ .
"Buy" link and the mailing list do not yet work today.
It is a very flexible, powerful and extensible Ada library for
creating grammar parsers and lexers. Works not only with streams
of ASCII characters but with any data streams (e.g. Unicode).
See http://sf.net/projects/uniparser/ for more benefits.
API documentation included.
Released under both GPL-2 and a commercial license. There is also a
tutorial (also as the library itself preliminary, tell me if you
don't understand something in the tutorial please), see the Web site
for conditions to get the tutorial.
If you buy the commercial version among other benefits you receive
gratis updates (of both the library and tutorial) for 4 years and
technical support.
Please test it and put info about it on the Ada Web sites.
I'm also interested in receiving parser examples (written with
UniParser) and whether it is enough fast for you.
Deficiency: the source code of parser is bigger than for most
other parser toolkits. Maybe will be created a metalanguage
over Ada to get over this problem.
I like to hear any comments (in c.l.a or by e-mail).
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: UniParser 0.1 released.
@ 2003-03-10 18:46 ` Victor Porton
2003-03-10 18:55 ` Larry Kilgallen
0 siblings, 1 reply; 12+ messages in thread
From: Victor Porton @ 2003-03-10 18:46 UTC (permalink / raw)
In article <At42tLB25j0M@eisner.encompasserve.org>,
Kilgallen@SpamCop.net (Larry Kilgallen) writes:
> In article <E18sPsl-0003MI-00@porton.narod.ru>, porton@ex-code.com (Victor Porton) writes:
>> UniParser 0.1alpha released by Extreme Code Software.
>> Alpha - unknown bugs are possible, API may change.
>>
>> See http://ex-code.com/uniparser/ . Also
>> (devel page) http://sf.net/projects/uniparser/ .
>
>> I like to hear any comments (in c.l.a or by e-mail).
>
> I don't see any indication regarding buying this on physical media.
OK, I can add in the near days. BTW, Why you want namely CD?
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: UniParser 0.1 released.
2003-03-10 18:46 ` Victor Porton
@ 2003-03-10 18:55 ` Larry Kilgallen
2003-03-10 19:07 ` Security Victor Porton
0 siblings, 1 reply; 12+ messages in thread
From: Larry Kilgallen @ 2003-03-10 18:55 UTC (permalink / raw)
In article <E18sSIU-00040M-00@porton.narod.ru>, porton@ex-code.com (Victor Porton) writes:
> In article <At42tLB25j0M@eisner.encompasserve.org>,
> Kilgallen@SpamCop.net (Larry Kilgallen) writes:
>> I don't see any indication regarding buying this on physical media.
>
> OK, I can add in the near days. BTW, Why you want namely CD?
I see two possible interpretations of that question:
What do you want, CD ?
Yes, ISO 9660 would be good.
Why do you want physical media ?
Security policies that forbid copying software over the Internet.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Security
2003-03-10 18:55 ` Larry Kilgallen
@ 2003-03-10 19:07 ` Victor Porton
2003-03-10 20:16 ` Security Larry Kilgallen
0 siblings, 1 reply; 12+ messages in thread
From: Victor Porton @ 2003-03-10 19:07 UTC (permalink / raw)
In article <HN+$5lQxL8E6@eisner.encompasserve.org>,
Kilgallen@SpamCop.net (Larry Kilgallen) writes:
> In article <E18sSIU-00040M-00@porton.narod.ru>, porton@ex-code.com (Victor Porton) writes:
>> In article <At42tLB25j0M@eisner.encompasserve.org>,
>> Kilgallen@SpamCop.net (Larry Kilgallen) writes:
>
> Why do you want physical media ?
>
> Security policies that forbid copying software over the Internet.
If I will sign by 2048 bit GnuPG key is it a replacement for physical
media? (Well, except of transferring the key itself. However if I'll
upload it to central keyservers and sign with it my further messages
here, is it OK? I'm not against making a CD, just ask.)
P.S. As we posters in c.l.a deal with security so much, shouldn't we
introduce the "spoken rule" to digitally sign messages? Maybe we
should have our own keyserver at a place like AdaPower?
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
2003-03-10 19:07 ` Security Victor Porton
@ 2003-03-10 20:16 ` Larry Kilgallen
2003-03-11 8:28 ` Security Preben Randhol
0 siblings, 1 reply; 12+ messages in thread
From: Larry Kilgallen @ 2003-03-10 20:16 UTC (permalink / raw)
In article <E18sSch-0004Iv-00@porton.narod.ru>, porton@ex-code.com (Victor Porton) writes:
> In article <HN+$5lQxL8E6@eisner.encompasserve.org>,
> Kilgallen@SpamCop.net (Larry Kilgallen) writes:
>> Why do you want physical media ?
>>
>> Security policies that forbid copying software over the Internet.
>
> If I will sign by 2048 bit GnuPG key is it a replacement for physical
> media? (Well, except of transferring the key itself. However if I'll
> upload it to central keyservers and sign with it my further messages
> here, is it OK? I'm not against making a CD, just ask.)
I don't understand how that avoids copying software over the Internet.
It seems to be aimed more at proposing a different policy than complying
with the existing policy.
> P.S. As we posters in c.l.a deal with security so much, shouldn't we
> introduce the "spoken rule" to digitally sign messages? Maybe we
> should have our own keyserver at a place like AdaPower?
Perhaps those of you who use PGP should.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
2003-03-10 20:16 ` Security Larry Kilgallen
@ 2003-03-11 8:28 ` Preben Randhol
2003-03-11 12:06 ` Security Larry Kilgallen
0 siblings, 1 reply; 12+ messages in thread
From: Preben Randhol @ 2003-03-11 8:28 UTC (permalink / raw)
Larry Kilgallen wrote:
> In article <E18sSch-0004Iv-00@porton.narod.ru>, porton@ex-code.com (Victor Porton) writes:
>> P.S. As we posters in c.l.a deal with security so much, shouldn't we
>> introduce the "spoken rule" to digitally sign messages? Maybe we
>> should have our own keyserver at a place like AdaPower?
>
> Perhaps those of you who use PGP should.
Signing messages has little to do with security. It only deals with
authenticity.
--
() Join the worldwide campaign to protect fundamental human rights.
+||-.
.+--+'
'+||- http://www.amnesty.org/
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
2003-03-11 8:28 ` Security Preben Randhol
@ 2003-03-11 12:06 ` Larry Kilgallen
2003-03-11 12:10 ` Security Preben Randhol
0 siblings, 1 reply; 12+ messages in thread
From: Larry Kilgallen @ 2003-03-11 12:06 UTC (permalink / raw)
In article <slrnb6r7e2.1fn.randhol+news@kiuk0152.chembio.ntnu.no>, Preben Randhol <randhol+news@pvv.org> writes:
> Larry Kilgallen wrote:
>> In article <E18sSch-0004Iv-00@porton.narod.ru>, porton@ex-code.com (Victor Porton) writes:
>>> P.S. As we posters in c.l.a deal with security so much, shouldn't we
>>> introduce the "spoken rule" to digitally sign messages? Maybe we
>>> should have our own keyserver at a place like AdaPower?
>>
>> Perhaps those of you who use PGP should.
>
> Signing messages has little to do with security. It only deals with
> authenticity.
My training has been to associate security with the initials C.I.A.,
standing for the words:
Confidentiality
Integrity
Availability
And I would count Authenticity as part of Integrity.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
2003-03-11 12:06 ` Security Larry Kilgallen
@ 2003-03-11 12:10 ` Preben Randhol
2003-03-11 12:39 ` Security Victor Porton
2003-03-11 13:11 ` Security Larry Kilgallen
0 siblings, 2 replies; 12+ messages in thread
From: Preben Randhol @ 2003-03-11 12:10 UTC (permalink / raw)
Larry Kilgallen wrote:
> My training has been to associate security with the initials C.I.A.,
> standing for the words:
>
> Confidentiality
> Integrity
> Availability
>
> And I would count Authenticity as part of Integrity.
Yes, but if you cannot download software (source that is, I'm not
talking about binary executables) then how can you download pgp-keys
from the net?
--
() Join the worldwide campaign to protect fundamental human rights.
+||-.
.+--+'
'+||- http://www.amnesty.org/
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
2003-03-11 12:10 ` Security Preben Randhol
@ 2003-03-11 12:39 ` Victor Porton
2003-03-11 12:47 ` Security Preben Randhol
2003-03-11 13:11 ` Security Larry Kilgallen
1 sibling, 1 reply; 12+ messages in thread
From: Victor Porton @ 2003-03-11 12:39 UTC (permalink / raw)
In article <slrnb6rkeb.8lc.randhol+news@kiuk0152.chembio.ntnu.no>,
Preben Randhol <randhol+news@pvv.org> writes:
> Yes, but if you cannot download software (source that is, I'm not
> talking about binary executables) then how can you download pgp-keys
> from the net?
Using pgp/gpg keys would be able to eliminate the need for physical
media for every new update of software. It would be enough to only once
send the key on floppy/CD and then using this key to send authentied
software through Internet.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
2003-03-11 12:39 ` Security Victor Porton
@ 2003-03-11 12:47 ` Preben Randhol
0 siblings, 0 replies; 12+ messages in thread
From: Preben Randhol @ 2003-03-11 12:47 UTC (permalink / raw)
Victor Porton wrote:
> Using pgp/gpg keys would be able to eliminate the need for physical
> media for every new update of software. It would be enough to only once
> send the key on floppy/CD and then using this key to send authentied
> software through Internet.
Yes, to some extent. However things can be forged. Although signing is
done by f.ex RedHat and Microsoft. However with security there is only
one rule: Nothing is secure. :-)
--
() Join the worldwide campaign to protect fundamental human rights.
+||-.
.+--+'
'+||- http://www.amnesty.org/
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Security
2003-03-11 12:10 ` Security Preben Randhol
2003-03-11 12:39 ` Security Victor Porton
@ 2003-03-11 13:11 ` Larry Kilgallen
1 sibling, 0 replies; 12+ messages in thread
From: Larry Kilgallen @ 2003-03-11 13:11 UTC (permalink / raw)
In article <slrnb6rkeb.8lc.randhol+news@kiuk0152.chembio.ntnu.no>, Preben Randhol <randhol+news@pvv.org> writes:
> Larry Kilgallen wrote:
>> My training has been to associate security with the initials C.I.A.,
>> standing for the words:
>>
>> Confidentiality
>> Integrity
>> Availability
>>
>> And I would count Authenticity as part of Integrity.
>
> Yes, but if you cannot download software (source that is, I'm not
> talking about binary executables) then how can you download pgp-keys
> from the net?
You seem to be confusing multiple discussions that have a common root.
_I_ am not a PGP user.
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2003-03-11 13:11 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1991-06-04 21:58 security Steve Vestal
-- strict thread matches above, loose matches on Subject: below --
1996-05-15 0:00 Security Frank Cheung
1996-05-15 0:00 ` Security Theodore E. Dennison
1996-05-15 0:00 ` Security Wayne Lawton
2003-03-10 16:12 UniParser 0.1 released Victor Porton
2003-03-10 18:46 ` Victor Porton
2003-03-10 18:55 ` Larry Kilgallen
2003-03-10 19:07 ` Security Victor Porton
2003-03-10 20:16 ` Security Larry Kilgallen
2003-03-11 8:28 ` Security Preben Randhol
2003-03-11 12:06 ` Security Larry Kilgallen
2003-03-11 12:10 ` Security Preben Randhol
2003-03-11 12:39 ` Security Victor Porton
2003-03-11 12:47 ` Security Preben Randhol
2003-03-11 13:11 ` Security Larry Kilgallen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox