SELinux

Matthew Saltzman mjs at clemson.edu
Thu Jan 20 23:50:26 UTC 2011


On Thu, 2011-01-20 at 16:35 +0000, Alan Cox wrote: 
> > It uses the term "control" in the context of interactions between system's
> > components, not security of the system.
> 
> Security *is* a part of a set of interactions between system components.
> It has to be able to mediate all sorts of complex interactions between
> components and decide which are permissible. All those components have
> state and all that state has to be managed.
> 
> > I say once again, MORE complexity is LESS security.
> 
> I'd like to see a mathematical proof of that, but I don't believe it's
> ever been done. Intuitively it is true which is why important systems are
> kept simple. Unfortunately simple systems are not capable of being your
> desktop.

I'd suggest there's something like a "neo-Laffer curve"[1] relating
complexity and security.  No security at all is pretty insecure
(obviously), and overly simple security isn't much better.  Vastly
involved security systems are likely to be not very secure (because they
contain large numbers of defects and/or because they are too hard to
manage effectively).  In between those extremes, though, the smooth
relationship breaks down.  There's no "optimal" level of complexity
because of dependencies on environmental conditions.

> 
> > That's why complex systems (civilizations, societies, economies, financials,
> > computing, etc) are inevitably destined to fail or fall.
> 
> Failure is a necessary part of progress. It's called learning. Without
> failure you have stasis.
> 
> Alan
> 

[1] http://everything2.com/title/neo-Laffer+curve
-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

