Re: More on garbage
sci.crypt archive

From: Anne & Lynn Wheeler <lynn@garlic.com>
Date: Sun Jun 12 2005 - 00:09:11 CEST

"Jon A. Solworth" <solworth@cs.uic.edu> writes:
> On the contrary, there is a difference between security and reliability.
> Security has an intelligent adversary whereas reliability deals with
> independent random events.

warning topic drift .... one common(?) security abstraction is PAIN:

P ... privacy
A ... authentication
I ... integrity
N ... non-repudiation

it is sometimes CAIN ... confidentiality in place of privacy ... and
sometimes A is "availability" (although availability can be subsumed
under integrity). Also some people might sometimes refer to the "I" as
identification (but that gets into the subject that sometimes
authentication and identification are frequently confused).

In any case, ... reliability can be considered both an aspect of
overall integrity as well as an aspect of availability ... both
fundamental to the general security environment ... modulo frequent
efforts to treat security purely within the context of some sort of
(human) attack or exploit.

however, when we were starting the ha/cmp project
http://www.garlic.com/~lynn/subtopic.html#hacmp

one of the things we did was some detailed vulnerability analysis
... basically in support of RAS issues (reliability, availability,
serviceability).

one of the things we predicted was a dramatic increase in the
frequency of buffer length related vulnerabilities compared to other
environments that we were familiar with that used explicit lengths in
their abstracts (possible disclaimer at this point ... taking the side
of buffer length related exploits might be construed as support for
the predictions made nearly 20 years ago). at the RAS level ... it
didn't make any difference whether failures were purely random and
accidental or attacker induced.

in any case ... if the 911 service didn't work ... people might
question its integrity ... regardless of the causes of any
failures ... whether they were purely naturally occurring random
events or direct human-based attacks.

lots of past buffer length related posts
http://www.garlic.com/~lynn/subpubkey.html#overflow

misc. past postings mentioning PAIN:
http://www.garlic.com/~lynn/aadsm10.htm#paiin PAIIN security glossary & taxonomy
http://www.garlic.com/~lynn/aepay11.htm#53 Authentication white paper
http://www.garlic.com/~lynn/aadsm11.htm#11 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm11.htm#12 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm14.htm#39 An attack on paypal
http://www.garlic.com/~lynn/aadsm16.htm#11 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm16.htm#13 The PAIN mnemonic
http://www.garlic.com/~lynn/aadsm16.htm#14 Non-repudiation (was RE: The PAIN mnemonic)
http://www.garlic.com/~lynn/aadsm16.htm#17 Non-repudiation (was RE: The PAIN mnemonic)
http://www.garlic.com/~lynn/aadsm16.htm#18 Non-repudiation (was RE: The PAIN mnemonic)
http://www.garlic.com/~lynn/aadsm16.htm#23 Non-repudiation (was RE: The PAIN mnemonic)
http://www.garlic.com/~lynn/aadsm17.htm#3 Non-repudiation (was RE: The PAIN mnemonic)
http://www.garlic.com/~lynn/aadsm17.htm#5 Non-repudiation (was RE: The PAIN mnemonic)
http://www.garlic.com/~lynn/aadsm17.htm#28 Definitions of "Security"?
http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#56 two-factor authentication problems
http://www.garlic.com/~lynn/2003f.html#37 unix
http://www.garlic.com/~lynn/2003j.html#47 The Tao Of Backup: End of postings
http://www.garlic.com/~lynn/2003o.html#22 securID weakness
http://www.garlic.com/~lynn/2003o.html#29 Biometric cards will not stop identity fraud
http://www.garlic.com/~lynn/2003p.html#11 Order of Encryption and Authentication
http://www.garlic.com/~lynn/2004b.html#44 Foiling Replay Attacks
http://www.garlic.com/~lynn/2004h.html#13 Two-factor Authentication Options?
http://www.garlic.com/~lynn/2005e.html#42 xml-security vs. native security
http://www.garlic.com/~lynn/2005g.html#51 Security via hardware?

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Received on Thu Sep 29 21:43:13 2005
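The post credits environments whose buffer abstractions carry an explicit length with far fewer buffer-length vulnerabilities. The following is an added example, not code from the post or from the ha/cmp project, contrasting a hypothetical explicit-length buffer type (`lenbuf`, `lenbuf_append`) with the implicit-length NUL-terminated idiom; the names and the 8-byte storage are constructed for illustration.

```c
/* Added example (not from the post): an explicit-length buffer abstraction
 * beside the implicit-length (NUL-terminated) idiom. With an explicit length,
 * an oversized input is a reported error; with an implicit one, it is an
 * out-of-bounds write. Type and function names are hypothetical. */
#include <stddef.h>
#include <string.h>

/* Explicit-length buffer: capacity and fill level travel with the data.
 * Invariant: len <= cap, so cap - len never underflows. */
typedef struct {
    char  *data;
    size_t cap;   /* bytes available in data */
    size_t len;   /* bytes currently used */
} lenbuf;

/* Append n bytes; refuse, leaving the buffer untouched, if they do not fit.
 * Returns 1 on success, 0 on a length violation. */
int lenbuf_append(lenbuf *b, const char *src, size_t n) {
    if (n > b->cap - b->len)
        return 0;                 /* the length error surfaces here, safely */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 1;
}

/* Implicit-length idiom: the destination size appears nowhere in the call,
 * so the same length error becomes memory corruption instead of a return
 * code. Kept here only for contrast; called only with an input that fits. */
void implicit_copy(char *dst, const char *src) {
    strcpy(dst, src);             /* length is taken from src alone */
}

/* Demonstration on constructed 8-byte storage: returns how many of three
 * appends the explicit-length buffer accepted (two fit, the third is refused). */
int demo_accepted(void) {
    char storage[8];
    lenbuf b = { storage, sizeof storage, 0 };
    int ok = 0;
    ok += lenbuf_append(&b, "abcd", 4);   /* fits: len becomes 4 */
    ok += lenbuf_append(&b, "efgh", 4);   /* fits exactly: len becomes 8 */
    ok += lenbuf_append(&b, "i", 1);      /* refused: would exceed cap */
    implicit_copy(storage, "ok");         /* 3 bytes incl. NUL, fits in 8 */
    return ok;                            /* 2 */
}
```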