1. 9
    "Thirty Years Later: Lessons from the Multics Security Evaluation", Paul Karger, Roger Schell (2002) pdf practices security acsac.org
    trn avatar via trn 4 months ago | cached | 1 comment

Key quotes:

  • Multics offered considerably stronger security than most systems commercially available today.

  • The unpleasant conclusion is that although few, if any, fundamentally new vulnerabilities are evident today, today’s products generally do not even include many of the Multics security techniques, let alone the enhancement identified as “essential.”

  • Security has gotten worse, not better. Today, government and commercial interest in achieving processing and connectivity encompassing disparate security interests is driving efforts to provide security enhancements to contemporary operating systems. These efforts include the addition of mandatory access controls and “hardening” (i.e., the removal of unnecessary services.) Such enhancements result in systems less secure than Multics, and Multics, with its security enhancements, was only deemed suitable for processing in a relatively benign “closed” environment.

  • In our opinion this is an unstable state of affairs. It is unthinkable that another thirty years will go by without one of two occurrences: either there will be horrific cyber-disasters that will deprive society of much of the value computers can provide, or the available technology will be delivered, and hopefully enhanced, in products that provide effective security.

… and now, 16 years since this paper was published, I would argue very little has changed on a fundamental level….

  1.  

  2. 6
    trn avatar trn edited 4 months ago | link

    Anyone with further interest can access my public Multics system. It should be noted that, at least as of today, I have a higher level of confidence in the Multics instance than most everything else I operate, with a concern that the security of the Multics system is certainly not enhanched by underlying hardware and software which hosts the DPS-8/M virtual machine.

    It should also be noted that (IMHO) many of the more promising security technologies and enhancements have resulted in a net loss of confidence in systems because they have been weaponized against computer users and owners (DRM, TPM, SMM, ME, etc.)

    It’s also quite depressing that most security “bolt-ons” (PI firewalling/filtering, access control lists, multilevel labeling, mandatory access controls, capabilities, role-based access controls, SELinux, etc.) are ubiquitously available but remain non-standard, underutilized, minimally configured, and are often consciously disabled for ease of use or compatability concerns.