Following my previous posts, I've finished working on the draft MSc project draft paper. The paper includes two threat models I already shared previously, one for the Sage open source development process, and another of the application itself - focusing on the Sage Notebook. There's some further analysis, including a look into open source security issues in general, process isolation techniques, virtualisation etc.
The paper is not very practical, i.e. it doesn't actually include any code or spells out exactly how things should be done, but I hope it can give the Sage project some ideas on the security threats and vulnerabilities it faces, and some high level suggestions on how to improve security. The current version is available at http://www.gingerlime.com/20090825_sage_msc_proj_draft.pdf I would highly appreciate any comments or thoughts on the paper, particularly if you feel I did injustice to Sage or made any serious mistakes. Yoav --~--~---------~--~----~------------~-------~--~----~ To post to this group, send an email to [email protected] To unsubscribe from this group, send an email to [email protected] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
