|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Examples of lost security when integrating (secure) SW
From: Magnus Therning (magnus-work
therning.org)
Date: Tue Jun 08 2004 - 07:10:18 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I just had a discussion with my colleagues regarding problems with
security in larger systems that are composed by combining
modules/components that individually are secure. Both my gut and sources
I have consulted says this is the case. However, I haven't been able to
find any examples of when this has happened!
Bruce Schneier spends a few pages in Secrets & Lies on the subject,
without offering any examples of what can happen. I seem to remember
some talk on a conference (was it Usenix?) a few years ago__I never
attended it but I read the abstract of the papers/talks--where a talk on
security mentioned a case where the combination of two security features
effectively cancelled each other.
Can anyone offer any more concrete examples, ideally not only academic
ones?
/M
--
-----------------------------------------------------------------------
Magnus Therning Philips Research Laboratories Eindhoven
Phone: +31 40 2745179 (OpenPGP: 0x4FBB2C40)
Some operating systems are called 'user friendly', Linux however is
'expert friendly'.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAxayqYcKlB0+7LEARAnacAKCwQaj+l7AYDxlFhTFZqx8+R/JdqwCfQ7In
IUPlw3P6gA1/QEL3EFkEXMU=
=tf+u
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]