Standardizing on Security
Hal Flynn, 2004-01-14

The Linux standards group publishes 565 pages of data describing a standards-compliant Linux package. So why aren't any of them about security?

Standardizing on Security 2004-01-15
Anonymous
Standardizing on Security 2004-01-16
Anonymous
It's a good question to ask, precisely because there is no easy answer.

Security, remember, is an emergent property of system architecture, so first of all we need to recognize that thinking in terms of isolated security standards is somewhat limiting. Another consideration is that in order to be meaningful, security has to be measured relative to expectation. A secure system is one which not only does what you expect, but equally does nothing that you don't expect.

Standards can certainly help set expectations, though we should remember that they dictate design, not implementation. Security, as we know, depends on both. For example, in terms of security assurance, we know that closed source systems are necessarily weaker than open source systems because we have no means of inspecting their implementation. Therefore, we can never be sure that closed source systems will not do something undesirable, or that a given standard will have enumerated all the possible behaviors that might prove to be undesirable.

Standards primarily contribute to architectural stability and interoperability. Those are both very important aspects of security, even if the word "security" never once appears in a standards document. Indeed, it's precisely because standards do not dictate implementation that competing implementations can operate in place of each other. Thus, we are in a position to choose between them based on our security requirements.

Indirectly, standards contribute to security by simplifying system configuration. We know that systems are rarely managed in isolation, and we also know that security is correlated with simplicity. A group of systems whose members are defined to a common standard can be administered uniformly. We can use a common model to reason about their security, and we can apply a common security policy to their configuration.

So, yes, I absolutely agree that the LSB is the natural place to define standards that affect Linux security, which is to say, all standards to one degree or another. That work is well underway, and its intrinsic value to security should not be disparaged.

On the other hand, there's lots more to do. I personally would like to see significant standards convergence on Linux system administration, package management, and configuration. I think these are areas which have a huge practical impact on site security.

Standards are rarely complete and seldom perfectly unambiguous. As a standards body, the IETF acknowledges this in its dictum of "rough consensus and running code." Linux and Unix both exist in much the same spirit, and likewise are products of the same community. Somehow they manage to embody deeper security principles in dramatically more robust implementations than their most popular commercial competitor. So something is working right here, even if we haven't pinned it all down explicitly yet. Let's keep working on it!

Dan Razzell
Starfish Systems
www.starfishsystems.ca


Link to this comment: http://www.securityfocus.com/comments/columns/207/24409#24409
Bring in the zealots. 2004-01-16
Anonymous (1 replies)
Bring in the zealots. 2004-01-19
Anonymous
Fedora Core release 2 2004-01-16
Jared Robinson
Standardizing on Security 2004-01-16
Anonymous
Standardizing on Security 2004-01-17
Anonymous (1 replies)
Standardizing on Security 2004-01-19
Anonymous
Hal would be right... 2004-01-19
Anonymous
Standard Argument 2004-01-19
Anonymous
Standardizing on Security 2004-01-21
blacklight
Standardizing on Security 2004-01-21
Anonymous







 

Copyright 2009, SecurityFocus