Re: For the AdaOS folks

["Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>]

On Mon, 03 Jan 2005 15:44:17 -0500, Warren W. Gay VE3WWG wrote:

> Dmitry A. Kazakov wrote:
>> 
>> But in our hypothetical OS each possible way of access will be represented
>> by some safe system object. These objects, when properly designed will
>> provide necessary administrative services. 
> 
> If you are a night watchman for a Mall, which situation makes it
> easier to sleep at night when you've locked up and gone home?
> 
>    1. A mall with one or two doors on the outside to be
>       locked and checked.
>    2. A mall with thousands of doors on the outside to be
>       locked and checked.
> 
> The answer is obvious. Sure, it is ok for other doors to exist
> inside the mall (for each store), which can be locked, but it
> only makes sense to choke the security at a minimal number
> of points.

But you can approach the problem in other ways. You could change people to
make impossible for somebody to steal. You could make objects unusable when
stolen etc.

>> Do you have one "gate" for hard drive I/O? 
> 
> Yes, actually. The kernel controls the issuing of the IDE
> commands, so that no process can permanently destroy the
> IDE drive (which can be done, if certain commands are issued).
> Not to mention that partition scope(s) must be enforced.

It is no different from handling TCP/IP sockets. So the problem lies
elsewhere above. Anybody may try to open a file.

> File systems mitigate access to the thousands of objects
> that exist within the file system. In a hierarchical system
> of directories, you have upper levels of choke points (in
> parent directories), as well as the ability to control
> access on the object itself.

Yes, that is the point. Files are primitive, but objects. It is much easier
to enforce security in a hierarchical system than in a flat sea of
unstructured data.

>> Do you need a firewall to tunnel open/close/read/write to floppy
>> drives? It would be nonsense. 
> 
> Maybe its not your floppy. Maybe it belongs to
> another user (perhaps a student/coworker/spouse).

But how a tunnel might help with that? It does not know who is the owner.

>> The problem is that network protocols do not
>> have safety of a file system. 
> 
> A file system is confined.

Come on, there were multi-user OSes before Windows. Even UNIX pretended to
be one.

> A network is exposed by
> definition. That is the element that makes network
> security so difficult. It has very little to do
> with which came first.
> 
>>>Even at home, there is much more safety in doing things this way.
>> 
>> It an imaginary safety.
> 
> Not at all. While it is not the entire answer to network
> security, you court disaster without one. You will not find
> one network security expert to suggest what you are promoting.

Sure, why should they kill a hen carrying the gold eggs? (:-)) Did you ever
hear from any company selling anti-virus software that the only problem
with viruses is OS?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de