Re: Security Framework issues

From: Stanley A. Klein
Subject: Re: Security Framework issues
Date: Wed, 20 Nov 2002 07:22:39

At 06:38 AM 11/20/2002 -0500, "Paul T. Juckniess" <address@hidden> wrote:

>I'm very new to this list, very old to manufacturing systems.
>I have not seen anything about security on GNUe either.
>Since you may have databases scattered around the net and different
>operating systems you would really want the security handled within
>the application in one place otherwise administration could become
>very complex very fast.

First, I wrote an initial draft of a Security Framework Proposal for GNUe
in May 2001.  You can find it in sgml format in the docbook part of CVS.
(It was on Neil Tiffin's part of the GNUe web page in other formats, but
they somehow got lost in one of the web hosting shuffles.)

I'm working on a revision now in OpenOffice format.

Plain facts:  Security has to come from the operating system.  You can't
build a secure application on an insecure operating system.  

Anything you do in the application that isn't protected by the operating
system can be bypassed or defeated.  The database (which is itself really
an application) can provide protection, but the protection it provides has
to be grounded in the operating system also.

There may be some security features that will need to be provided in the
application.  Example:  Providing role-based access control where the role
depends on the contents of a record in the database, such as the identity
of the originator of the transaction stored in the record, where the
approver of the transaction can't be the same person but can be the
originator of another transaction (stored in a different record).  This, of
course, depends on the business rules defined by the governing entity of
the enterprise using the system.  Protecting something like this is a major

Protecting software written in a scripting language, such as Python, is
also a challenge.  You need to prevent a malicious user from obtaining a
copy of the script, tampering with it by simple editing, and redirecting
the system to use the tampered copy.  

Regarding your comment about administering security in a system with
multiple operating systems and databases, that will be complex regardless
of any application.  As I said above, if the operating system isn't secure
(such as, because of mis-administration due to complexity) no application
on it will be secure.  Better to fix the system architecture and reduce the
complexity that way.

Stan Klein
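
The record-dependent rule described in the message above (an approver may not approve a transaction they originated, but may originate other transactions), as an added example that is not part of the original message or of GNUe. The table layout, user names and role assignments are constructed for illustration, and the CHECK constraint is an extra choice made here so the rule also holds for writes that skip the application function.

```python
import sqlite3

# Constructed role assignments (assumption for this example).
ROLES = {"alice": {"originator", "approver"},
         "bob": {"originator", "approver"},
         "carol": {"originator"}}

SCHEMA = """
CREATE TABLE txn (
    id         INTEGER PRIMARY KEY,
    originator TEXT NOT NULL,
    approver   TEXT,
    -- Same rule at the database layer, for writes that skip approve().
    CHECK (approver IS NULL OR approver <> originator)
)"""


class ApprovalDenied(Exception):
    """The role assignment or the record's contents forbid this action."""


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def originate(db, user):
    if "originator" not in ROLES.get(user, set()):
        raise ApprovalDenied(f"{user} does not hold the originator role")
    return db.execute("INSERT INTO txn (originator) VALUES (?)", (user,)).lastrowid


def approve(db, txn_id, user):
    # Static check: the user must hold the approver role at all.
    if "approver" not in ROLES.get(user, set()):
        raise ApprovalDenied(f"{user} does not hold the approver role")
    row = db.execute("SELECT originator, approver FROM txn WHERE id = ?",
                     (txn_id,)).fetchone()
    if row is None:
        raise ApprovalDenied(f"no transaction {txn_id}")
    # Record-dependent check: the answer depends on who originated this row.
    if row[0] == user:
        raise ApprovalDenied(f"{user} originated transaction {txn_id}")
    if row[1] is not None:
        raise ApprovalDenied(f"transaction {txn_id} is already approved")
    db.execute("UPDATE txn SET approver = ? WHERE id = ?", (user, txn_id))
```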
