Just a short note to let folks know that I will be at PDC next week, giving a talk on developing applications for standard user. Much of what I have to say will be familiar to fans of things like standard user and privilege levels. The new content this time is an architectural view of the right way and the wrong way for a software developer to use an elevated DCOM object to perform privileged operations. If you are going to be at PDC, please come to my talk, or feel free to just stop me if you see me around for a chat. I should be lurking around all of Tuesday and Wednesday, including the "Ask the experts" session.
About crispincowan
"Reliable software does what it is supposed to. Secure software does what it is supposed to, and nothing else." -- Ivan Arce
Thus software security is very simple: only use perfect software :-)
There being a supply shortage of perfect software, to secure systems we must do something else to ensure that software does not misbehave when fed "interesting" input by attackers.
At extreme detail, we can specify exactly everything the program may do. This is called "the code" and we already know we can't get that right. So we must abstract what is allowed and what is not into useful classifications.
But if we get these classifications wrong, say "no" to access too often, or at the wrong times, security becomes painful. If we fix that by making security complicated, it is still painful. Which is why most users choose no security and hope for the best.
Designing secure solutions that are effective AND easy to live with is what I do. I invented the StackGuard method of compiled buffer overflow protection, now used in both GCC and Microsoft Visual Studio. I designed the Immunix/Novell AppArmor application security system: standard access control security, with revolutionary ease of use.
I now work for Microsoft, applying these same principles to the problem of enhancing Windows security.