[Off Topic] Re: Linux security

Alan McKinnon alan at linuxholdings.co.za
Tue May 2 02:42:33 UTC 2006


On Monday 01 May 2006 05:18, Peter Garrett wrote:

> I compare the easy availability of powerful computing to the general
> populace with allowing a 17 year-old to drive around town in a
> Ferrari; potentially dangerous without adequate training.

Now that's an apt description of the problem :-)

[big snip]

> Basis for this "rant":
>
> We are living in a transitional period - the transition is from the
> centuries-old traditional print & picture based model to an
> entirely new model in which everything is instantly connectable
> with everything else. Old paradigms no longer work, and we haven't
> yet come up with adequate new ones. In this interim period there is
> huge potential for a new way of viewing all aspects of culture -
> there is also potential for the whole "revolution" of thought that
> this implies to be lost because of a lack of imagination, coupled
> with the usual culprits of special interest, power and so on that
> will never go away, human society being as it has always been.

I've been coming to that conclusion myself bit by bit over the years. 
This thread caused me to have another look at why computers are so 
fundamentally disruptive to the old ways. Here's what I think:

Every other machine we have ever had has very specific defined 
functions. Locks make sure doors stay closed, cars transport people 
from A to B and so on and so on. Computers are different - they are 
the first and so far only truly general purpose machines we've ever 
come up with. The thing is a Turing machine and its job is to 
manipulate INFORMATION. What information? Well, the only architecture 
we have so far is the Von Neumann so it's ANY information that can be 
represented in binary. Something as flexible as that doesn't lend 
itself too well to rigid security approaches when you start to 
exploit its full power (which is currently happening).

Take a car - it has a very simple security model. If you have the key, 
you can drive it; if you don't then you can't. This is OK because the 
only thing the car will ever do is move down the road. The computer 
isn't like that because it manipulates information. Even though it's 
a machine, we interact with it almost as if it's a human. This is a 
key distinction.

We've been using the old security model for many years now. Everything 
is a file and files have access configurations which are *static*. I 
think this is the core of the problem - information gets packed into 
a discrete box with static access applied to it. Changing that static 
access in response to changing needs is often considered more effort 
than it's worth. Information just isn't like that in the real world. 
I think what we need as a start is to be able to apply arbitrary 
attributes to any piece of information the computer stores (I 
deliberately say 'piece of information' not 'file' - meaning it can 
be a piece of a file or a collection of files or a complete single 
file). Then a mechanism to be able to apply actions to the 
information based on those attributes.

WinFS sounds like a good place to start but I look at Uncle Bill's 
track record and really don't see his company managing to innovate 
that one. Reiser4 plans to implement arbitrary name/value pairs, that 
looks like a good start.

-- 
If only you and dead people understand hex, 
how many people understand hex?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five



