> No security at all is pretty insecure (obviously) Surprisingly that isn't always the case. A situation where there is known to be no system security will often mean the other systems adapt appropriately. Email for example provides no security, because of that other things adapt to cope, including behaviour. The end result at a higher level can still be secure. "I know this machine is probably untrusted so I won't log in via it" and "I'll phone my card details instead" are both secure results. > involved security systems are likely to be not very secure (because they > contain large numbers of defects and/or because they are too hard to > manage effectively). In between those extremes, though, the smooth > relationship breaks down. There's no "optimal" level of complexity > because of dependencies on environmental conditions. The environment is variety that needs to be absorbed. It would seem to be its interactions with the environment (user included) that determine the variety of inputs permissible and thus the complexity. This is why a cashpoint has minimal interface. It is why a lot of industrial control and military systems do one job. It is why basic firewalls are simple. User desktops that work on the "you may only run the exact listed commands, which may use the exact listed files, and run each other in the exact listed way" have been done, but while they work for certain things (eg fixed purpose front desks) they tend to annoy the hell out of anyone else. When you generalise them by making the categories broad you get the Android model which works for certain limited phone cases but even then is not really up to more complex stuff. The firewall case is a good one. A simple firewall reduces the whole security model to a very simple set of questions. When you try to do complex analysis of attacks patterns and detect stuff like post break-in suspicious activity the code in question explodes in complexity at amazing speed. SELinux is the same - login/password is easy, beyond that the complexity of a general purpose desktop is massive Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
