Radovan Semančík's Weblog

Tuesday, 30 May 2006

In the last posts I've written [1] [2] about inherent security problems of current information technologies. Today I want to write about possible solutions.

To make a long story short (a.k.a. "Management Summary"), I can see no short-term solution at all. If we work really hard, we can have at least some security in the first half of the next decade. But I really doubt that.

And now the full story:

Perimeter security does not work. Firewalls are not effective. And I believe that they cannot be made effective and practical at the same time. We should not rely on firewalls for providing host security. Hosts should be secure on their own. Especially mobile hosts, because these cannot count on firewalls protecting them. We should re-engineer operating systems to build security into their network layers.

Workstations are insecure. Anyone can do anything. Any process can ruin system security. This has to change. Operating systems should not be designed to "just work", but also have to support non-functional requirements, such as security and reliability. Some features of multi-level secure systems should also be implemented in conventional operating systems. Well, it may be a little bit difficult to figure out which features to migrate and how to implement them so that they are usable. But I believe we can figure it out. Sooner or later. Probably later than sooner.

Windows Vista may be heading in the right direction (*). And it looks like Microsoft is quite alone in the effort. But I'm not naive enough to believe that security can be done right anytime soon. It will take a lot of thinking, designing and testing. And that testing will be done on real customers, I suppose, like you and me. I think that the first release of Windows Vista will not be much more secure than the current operating system. Because for the system to be secure, everything must be changed. The approach, the technology, the people. And that will take a long time.

I would not expect that we will see any widespread secure operating system until 2010. 2015 or even 2020 are more probable. But at that time, the low-level software that runs on computing devices may not even be called "operating system" anymore.

(*) It's really ridiculous that such a strong opponent of the Microsoft approach as myself states that Microsoft is doing something that is heading in the right direction. Well, I would gladly admit that I was all wrong, and that Microsoft is a really great technological company. But I have a strange feeling that somehow things are not all that ideal. Time will tell.

Posted by semancik at 10:48 PM in security
Comment: Kozo at Thu, 1 Jan 12:00 AM

I'm not sure. There are ten years to 2015 (and more to 2020). Nobody knows what OS there will be in 2020 and how people will use it. Yes, concepts have to be changed, but our vision of the right way may be wrong. And lastly, I'm really skeptical about Microsoft's efforts, because they have a strange look at interoperability.

Comment: Robin Wilton at Thu, 1 Jan 12:00 AM

Hi Radovan - as usual, I think your analysis is almost certainly spot on, depressing though it may be. I came to the conclusion some years ago, that the trio of "Secure, Usable, Manageable" is one of those sets where you can have any two, but not all three. In the case of workstations, as you point out, the tendency seems to have been to aim low, and go for Usability alone. Unfortunately, one consequence of that has been to reinforce extremely bad habits in the user population. I think that's the factor which will take longest to correct.
