Comments

Jack C LiptonMarch 7, 2008 7:57 PM

I watched that video and found that, since I read your blog, that it wasn't anything particularly new.

But, then, as Winston Churchill said of writing speeches, you have to repeat the message over and over again in slightly different ways in order to hope for understanding.

I particularly liked your commentary on "assurance" and the mindset required to "get it right"... but, yes, you were also very right that no one, if they have a choice, will want to pay the price.

The real problem w/ assurance is that the _system_ may have some kind of assurance... but nothing guarantees that the applications themselves are assured secure.

Any MouseMarch 8, 2008 7:54 PM

Bruce Schneier: you briefly mentioned compartmentation to prevent small errors
propagating into big errors in that talk. Does the same apply with vulernabilities?

If so then wouldnt Operating Systems or runtimes based on object-capability based security (per www.erights.org definition) do nicely on compartmentation?

My experience is that an vulernability in an popular software library such as libpng or libjpeg can be utilized, for instance, to gain access to users data and mail it home to the attacker.
Due to the fact that the proccess running that library has, as default, all of the users access to that users files and resources. Where as if an instance of the library only had access to the raster output for the image, some private working storage and the bytestream containing the images data would only be able to corrupt what were shown in that raster buffer.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..