obviscating python code for distribution

Hans Georg Schaathun hg at schaathun.net
Thu May 19 14:23:28 EDT 2011 

On Thu, 19 May 2011 10:23:47 -0700, geremy condra
  <debatem1 at gmail.com> wrote:
:  Let me get this straight: your argument is that operating *systems*
:  aren't systems?

You referred to the kernel and not the system.  The complexities of
the two are hardly comparable.

There probably are different uses of system; in computer security
literature¹ it often refers, not only to a product (hardware/software)
an actual installation and configuration of that product in a specific
context.  /I/ did not redefine it.

Speaking of reasonable assumptions, one necessary assumption which is
particularly dodgy is that whoever deploys and configures it
understands all the assumptions and do not break them through ignorance.

Is your concern with security purely from a developer's viewpoint,
so that you don't have to worry about the context in which it will
be deployed?

: > So what?  The levels of assurance have nothing to do with standards.
: > The levels of assurance refer to the /confidence/ you can have that
: > the standards are met.
: 
:  The increasing levels of assurance don't just signify that you've
:  checked for problems- it certifies that you don't have them, at least
:  insofar as that level of testing is able to find. Insisting that this
:  doesn't, or shouldn't, translate into tighter security doesn't make
:  much sense.

Tighter sure, but the security requirements and the requirement on
testing and/or validation are orthogonal scales.  The higher levels
of assurance are based on formal methods while the lower ones are based
primarily on testing.  

I read your initial comment to imply that if you cannot get satisfactory
assurance using the lower levels, you won't get any at the higher
levels.  That does not make any sense.  Obviously, if you were implying
that no system passes the lower levels, then of course they won't pass
the higher levels, but then, if that's the case, we would all know that
we cannot even design /seemingly/ secure systems.  And nobody has
suggested that so far.


¹ e.g. Dieter Gollmann for just one ref off the top of my head.
-- 
:-- Hans Georg

More information about the Python-list mailing list