Artifact Content
Not logged in

Artifact feb71f02c11be824a9429dbde798a39e346dcc87:

Wiki page [Experiment: mmmv_silkexec] by martin_vahi on 2017-01-07 17:30:11.
D 2017-01-07T17:30:11.115
L Experiment:\smmmv_silkexec
P 0d29e4aa0bdbf5673d4dc7bf5e75f4b8731171e7
U martin_vahi
W 2444
<p>A mmmv_silkexec application is wrapper to other applications, including
other mmmv_silkexec applications. The purpose of the wrapping is to use extra
tags and user specific configuration parameters for using the wrappable
application.</p>

<p>The mmmv_silkexec consists of the following parts:</p>

<p></p>
<ul>
<li>An application for maintaining the tags, for example, tester specific test
results.</li>
<li>An operating system specific wrapper of a jail implementation for executing
mmmv_silkexec applications.</li>
<li>An application for maintaining mmmv_silkexec local installation specific
configuration.<br>
</li>
</ul>

<p></p>

<p>No technical solution is going to compensate for crappy work, because
technical tools can be switched off or the original authors of software may
leave edge cases out of consideration, but the <b>main idea behind the
mmmv_silkexec is to allow the execution of only those mmmv_silkexec
applications that have been tested and/or verified by a trusted party.</b>&nbsp;The
executable mmmv_silkexec application must have only dependencies that have also
been verified and/or tested by trusted parties.&nbsp;</p>

<p>Different parties trust different other parties. Trust is a multidimensional
value. A very kindhearted and not corrupt person can be totally untrustworthy
from their capabilities point of view. On the other hand, sometimes, at some
narrow contexts, enemies can be more trustworthy than friends. For example,
enemies might have a good track record of fine skills and being rigorous and
they might use some component, software package, at some security wise
extremely critical role, while being very rigorous at the construction of their
software component.<br>
</p>

<p>Given that
<a href="http://martin.softf1.com/g/yellow_soap_opera_blog/the-future-of-security-audits-episode-0">the
only proper way to verify/review code is a fully automated way</a><i>(<a href="https://archive.is/h3HJ4">archival
copy</a>)</i>, there has to be a way to subscribe to the testing/verification
system of the trusted parties. To avoid a Denial of Service attack by hacking
into the testing/verification systems of one of the trusted parties, the local
settings of the mmmv_silkexec should treat a test failure of a formerly
accepted component as a timed warning, where the warning state moves to a
blocked/failed state with a delay. The delay gives the trusted party time to
handle the hack.</p>

<p><br>
</p>

Z d6ebd2034563fa1b340bb3e7337ec522