Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!yetti!geac!daveb
From: daveb@geac.UUCP (Brown)
Newsgroups: comp.ai
Subject: inSecurity (was Re: Is Computer Science Science?)
Message-ID: <1363@geac.UUCP>
Date: Mon, 14-Sep-87 08:06:24 EDT
Article-I.D.: geac.1363
Posted: Mon Sep 14 08:06:24 1987
Date-Received: Tue, 15-Sep-87 00:42:40 EDT
References: <5113@sunybcs.UUCP> <8300004@osiris.cso.uiuc.edu>
Reply-To: daveb@geac.UUCP (Dave Collier-Brown)
Organization: The little blue rock next to that twinkly star.
Lines: 20
Keywords: computer security
Summary: Security is in the mind of the securor...

In article <8300004@osiris.cso.uiuc.edu> goldfain@osiris.cso.uiuc.edu writes:
>IN SPITE OF RESEARCH, THE FOLLOWING ARE TENETS OF THE CURRENT WORKPLACE:
>"There is no such thing as real computer security."
>"There is always one more bug."

 These two tenets are related to each other in an interesting way: 
provably secure operating systems exist (so-called "A1" systems), but
the proof merely demonstrates that 
	a) An externally specified standard is met, and
	b) Certain insecure features have a diminishingly small bandwidth.
  (a) is related to the buggyness theorem by one level of indirection: there
is no proof in the system that the extra-systemic security policy does not
contain bugs.

  --dave (and I can point one out, oh orange-bookers) c-b
-- 
 David Collier-Brown.                 {mnetor|yetti|utgpu}!geac!daveb
 Geac Computers International Inc.,   |  Computer Science loses its
 350 Steelcase Road,Markham, Ontario, |  memory (if not its mind)
 CANADA, L3R 1B3 (416) 475-0525 x3279 |  every 6 months.