11.18.2008

Learn something new every day: NEAT

Recently read an article on Multiple Independent Levels of Security (MILS) which used an acronym whose concepts I was familiar with, but that I had not heard before: NEAT. It stands for:

  1. Non-bypassable
  2. Evaluatable
  3. Always-invoked
  4. Tamperproof

In a recent class, I commented on applying three of these to reference monitors and trusted computing bases:

  1. tamper proof
  2. non-bypassable
  3. small enough/simple enough that it can be thoroughly tested for correctness

In retrospect, I probably should have mentioned to them the idea of "always-invoked" (note to self: include that in next class revision) and I probably could have saved some bandwidth by substituting in the much shorter word "evaluatable".

Well...you learn something new all the time, and for me, that is NEAT!

chalmer

P.S. NEAT gets mentioned on page two of the four-page article.

Lies, damn lies and statistics...

The following linked article from ComputerWorld UK has some interesting quotes about the growth of Windows operating systems in running a number of supercomputers. Apparently Windows has increased its market share by 400%, while in the same period, Linux increased its market share by only 51%. This sounds pretty impressive, until you take the time to look at the numbers behind the numbers.

Read the article to see what I mean!

One of the principles I share with my students is to try to look at things with a critical eye. This is a great example of how numbers can be misleading.

chalmer

2.06.2008

More secure workstations in the federal government?

The new Federal Desktop Core Configuration standard just kicked in. This standardized configuration for government computers should help to limit some of the crazy misconfigurations we see in many government computers. For more info on the FDCC and the sister project Security Content Automated Protocol (SCAP) you can go to these web-sites:
* FDCC
* SCAP

2.05.2008

Logical vs Emotional Fears...

Disregarding the fact that fear is emotional by nature, I recently engaged my students in a discussion of whether our fears are based on:

  • something logical, reasonable and quantifiable OR
  • something rooted in emotion or gut reaction

Shortly after we had that discussion, I came across this article in Psychology Today and wanted to share it with you...

Ten Ways We Get the Odds Wrong

There is a quiz at the end of the article. Good luck.

Chalmer

DHS funding something worthwhile?

Bruce Schneier linked to an interesting factoid about the Department of Homeland Security. Seems they are funding scans of a number of open source software project codebases to check for flaws and defects. Coverity is providing the scanner and the software packages include some big-ticket items...including a number of items that form the backbone of the Internet (Apache, Linux, etc). Because of the scans, over 7,000 flaws have been fixed to date. The comments by the readers are pretty insightful. I posted my own comment in the mix, just for good measure.

http://www.schneier.com/blog/archives/2008/02/a_good_security.html
