From: utzoo!decvax!harpo!seismo!hao!hplabs!sri-unix!FC01@USC-ECL
Newsgroups: net.unix-wizards
Title: security
Article-I.D.: sri-unix.4995
Posted: Fri Dec 31 00:50:03 1982
Received: Sat Jan  1 04:57:21 1983

From: FC01 
Date: 30 Dec 1982 0756-PST
I just wanted to point out the types of security that exist, what they are
good for, and why it is that systems are very hard to make secure.

1	Physical separation - the strongest security

	this makes it real hard to tamper since no access at all is allowed
	it also makes it real hard to get anything done for the same reason

2	encryption of information

	this can make it arbitrarily improbable to figure out the meaning of
	data. it also takes additional cpu time to use encryption and
	can be a pain if you forget the codes

3	logical separation

	this is the use of the OS to try to separate things for you. The main
	problems here are that the OS is written by people (fallible, bribable,
	etc.) and is therefore imperfect. In addition, there is a real need for
	operators to be able to access any file in the system for
	maintenance purposes.

4	trust

	If you trust the people you share resources with, security is knowing
	that they wouldn't do anything bad to you anyway.

	Since 1 has the major disadvantage of not being able to get anything
	done, and 3 and 4 are so fallible, 2 seems the only way to protect oneself.
	If you have the input stream decoded by program, you can fool even the
	slickest kmem hackers. If you have the output encoded you can even
	fool yourself. If kmem itself was coded so that only certain areas had
	useful information after decoding (through the public device
	driver), it would be hard to watch others. Other schemes are also
	viable, but the main point is that if you want protection, use codes
	and do it yourself, don't trust others.
-------