From: utzoo!decvax!harpo!seismo!hao!hplabs!sri-unix!FC01@USC-ECL
Newsgroups: net.unix-wizards
Title: security
Article-I.D.: sri-unix.4995
Posted: Fri Dec 31 00:50:03 1982
Received: Sat Jan 1 04:57:21 1983

From: FC01
Date: 30 Dec 1982 0756-PST

I just wanted to point out the types of security that exist, what they
are good for, and why it is that systems are very hard to make secure.

1 Physical separation - the strongest security
    this makes it real hard to tamper since no access at all is allowed
    it also makes it real hard to get anything done for the same reason

2 encryption of information
    this can make it arbitrarily improbable to figure out the meaning of
    data. it also takes additional cpu time to use encryption and can be
    a pain if you forget the codes

3 logical separation
    this is the use of the OS to try to separate things for you. The main
    problems here are that the OS is written by people (fallible, bribable,
    etc.) and is therefore imperfect. In addition, there is a real need for
    operators to be able to access any file in the system for maintenance
    purposes.

4 trust
    If you trust the people you share resources with, security is knowing
    that they wouldn't do anything bad to you anyway.

Since 1 has the major disadvantage of not being able to get anything done,
and 3 and 4 are so fallible, 2 seems the only way to protect oneself. If
you have the input stream decoded by program, you can fool even the
slickest kmem hackers. If you have the output encoded you can even fool
yourself. If kmem itself was coded so that only certain areas had useful
information after decoding (through the public device driver), it would be
hard to watch others. Other schemes are also viable, but the main point is
that if you want protection, use codes and do it yourself, don't trust
others.
-------