On Tue, 2002-11-12 at 12:12, Stephen Hemminger wrote:
> A couple of questions:
> a) What if any of this is unique to carrier grade systems? Isn't most of
> this a generic "hostile environment" server requirement. What makes
> Ericsson any more or less demanding than Ebay or Yahoo?

If Yahoo or Ebay becomes compromised, they will probably lose some
significant amount of money. If a telecom network gets compromised and
the fault can be pointed to a TEM's insecure implementation, the TEM
in question will lose a significant amount of money _and_ can expect a
"visit" from the local authorities ... See the difference?

Or, to put it briefly: security requirements for telecom systems
are defined and written by government agencies, not by paid-by-the-hour

> b) What is the "Threat Model" for carrier grade systems?  A threat model
> is a business-level description which describes what the risk and
> exposure is and allows sizing the expense of fixing it.

So you are asking us to write a sizable document about threat models?
Let me make a counter-proposal: you write a document describing the
threat models of DCL systems, and we CGL people will be happy to point
out the differences of our respective models :-)

> Lots of the solutions described may be expensive to implement and not
> match real threats. Other ones like signed binaries are easily overcome
> without a trusted computing base in the kernel.

Read the document. It describes four levels of security, from "no
security" to "paranoid". There is probably a need for all four levels
in a carrier grade environment, and the solutions used will vary

