[SC-L] Software Assist to Find Least Privilege

Steven M. Christey coley at linus.mitre.org
Tue Nov 25 12:56:58 EST 2008


On Tue, 25 Nov 2008, Mark Rockman wrote:

> Assuming this is repeated for every use case, the resulting
> reports would be a very good guide to how CAS settings should be
> established for production.  Of course, every time the program is changed
> in any way, the process would have to be repeated.

Better - and absolutely unachievable any time soon - would be for the
application itself to more explicitly state what its requirements of the
OS are, and what its intended behaviors are.  Kind of like SELinux but
simpler.  More easily said than done, but until we develop richer models
for representing what an application's legitimate behaviors are, then
automated detection of these types of issues is likely to be difficult.

- Steve

