Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2011-01-20 at 16:35 +0000, Alan Cox wrote: 
> > It uses the term "control" in the context of interactions between system's
> > components, not security of the system.
> 
> Security *is* a part of a set of interactions between system components.
> It has to be able to mediate all sorts of complex interactions between
> components and decide which are permissible. All those components have
> state and all that state has to be managed.
> 
> > I say once again, MORE complexity is LESS security.
> 
> I'd like to see a mathematical proof of that, but I don't believe it's
> ever been done. Intutively it is true which is why important systems are
> kept simple. Unfortunately simple systems are not capable of being your
> desktop.

I'd suggest there's something like a "neo-Laffer curve"[1] relating
complexity and security.  No security at all is pretty insecure
(obviously), and overly simple security isn't much better.  Vastly
involved security systems are likely to be not very secure (because they
contain large numbers of defects and/or because they are too hard to
manage effectively).  In between those extremes, though, the smooth
relationship breaks down.  There's no "optimal" level of complexity
because of dependencies on environmental conditions.

> 
> > That's why complex systems (civilizations, societies, economies, financials,
> > computing, etc) are inevitably destined to fail or fall.
> 
> Failure is a necessary part of progress. It's called learning. Without
> failure you have stasis.
> 
> Alan
> 

[1] http://everything2.com/title/neo-Laffer+curve
-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux