Secure Systems

Safety in Software

I dare say that the focus in secure systems will soon change from the typical "security" point of view (attacks and how to fight them) to the building of damage-controlling systems (as I tried to point out in "Sichere Systeme"). Part of this move will be an emphasis on safety, reliability and availability. This will affect systems in the areas of design/documentation/model, testing and runtime execution. I've collected some thoughts in a little paper on Safety using the Ariane 5 crash as an example.

Resources

The Time Warp Operating System
Blog of Gilad Bracha, inventor of Newspeak
The Securitization of Haiti, more...

Is an earthquake really a military and security problem? Questions about the securitization of a human catastrophe. From New Orleans to Haiti: the world as a military-industrial opportunity.

Android Security - a POLA system?, more...

A few comments based on a paper by Markus Schlichting on Android security.

Taming Javascript with Caja, more...

In my course on "secure systems and software" we are currently dealing with ways to secure browsers, languages etc. The Caja project is based on an object-capability approach and I found the spec quite readable. Learn how an approach that avoids identity-based access control can achieve much safer software extensions and still be mostly compatible.

The Power of Nightmares, more...

The BBC documentary on fear as a political instrument used by neo-conservatives and Islamist terrorists.

Socio-technical approaches to security and privacy, more...

A few comments on privacy control, faultless software and self-testing applications from the latest issue of the computer magazine.

Critical Infrastructure Protection (CIP) and the illusion of cyber-terrorism, more...

Why CIP and the warnings of cyber-terrorism only serve to create profits for the security-industrial complex.

Kontrollverluste, more...

A good German book on surveillance and excessive security in Germany. Emphasizes the importance of the legal system as a defender of civil and public rights in the area of security privatization.

The militarization of internal security - The NeoConOpticon Study, more...

Comments on the latest study by Ben Hayes and the Transnational Institute on how military corporations started to dominate research in security as well as the definition of internal security itself. Learn about concepts of total control, full spectrum dominance, crowd control and other ideas financed and implemented completely without democratic control and with the help of specially created "dummy" NGOs. Read it!

Economic reasons for insecure software

A real explanation of the reasons behind insecure software based on an article by Raymond Chen of Microsoft and last year's Black Hat conference talk on Vista security by Sotirov et al. Backward compatibility kills new security features. But the Windows business model, for example, absolutely relies on backward compatibility: who would buy a new Windows if the old programs no longer run? And why do the other software companies shun free updates of their software? Read on.

Security Architecture in Browsers and Operating Systems, more...

A collection of interesting papers on Chromium, Vista, tainting, non-determinism caused by concurrency, seL4 and anonymity in P2P systems. And about the bad effects of compatibility.