The final project paper is now available at
http://www.gingerlime.com/20090901_securing_sage_notebook.pdf
Thanks again to everybody who helped figure out the architecture,
giving feedback and discussing ideas for improving the notebook's
security.
Yoav
Thanks for the feedback, and apologies for not replying earlier. I
have posted an updated draft on
http://www.gingerlime.com/20090829__sage_msc_proj_draft.pdf
Please see sections 4.1 and 5.4.4 where I documented the sagenb.org
setup more clearly. I mentioned it is already using virtualisation an
Don't know if anyone's interested, but I've converted the sage vmware
image to run on virtualbox, and had it running both under Ubuntu and
Mac hosts a while ago.
The steps I followed (apologies if it's wrong, I just scribbled it
down as I was doing it, so may have left something)
1. Import the v
Following my previous posts, I've finished working on the draft MSc
project draft paper. The paper includes two threat models I already
shared previously, one for the Sage open source development process,
and another of the application itself - focusing on the Sage Notebook.
There's some further a
On Aug 23, 4:51 pm, Alex Clemesha wrote:
> On Fri, Aug 21, 2009 at 5:56 PM, Yoav Aner wrote:
>
> > Sounds like a great idea to me to de-couple the notebook from sage.
> > Appengine is not the only option though (but maybe the cheapest at
> > least for now), you could pr
On Aug 22, 6:04 am, Thierry Dumont wrote:
> Yoav Aner wrote:
>
> > only web-based requests. Google also try to push users to have a
> > google account to authenticate. It might be a good or a bad thing,
> > depending on your perspective. Amazon EC2 in that re
Sounds like a great idea to me to de-couple the notebook from sage.
Appengine is not the only option though (but maybe the cheapest at
least for now), you could probably use an Amazon EC2 instance just as
easily (and with some more facilities at your disposal, having a
virtual server running).
So
The other chapters are where the REALLY interesting stuff is. This is
just a taste to get you hooked... :)
On a more serious note - other chapters cover the previous threat
model of the Sage development process (see other post), as well as
information about the threat model methodology, backgro
This is a follow-up on my previous post on
http://groups.google.com/group/sage-devel/msg/1f851e27f5500712 - which
(for obvious reasons) generated overwhelming response :)
I have now completed the first 'official' draft of the Sage Notebook
threat model. It is available on
http://www.gingerlime.c
Some updates on the sage notebook security review project I'm working
on:
First threat model for the development process:
The model I created might apply to other open source applications or
systems, or even not purely open source ones, as it is focused on the
development process, code changes /
Thank you for useful points / comments and for the pointers to how
sage works in particular. I certainly have more information to get
started now, though I'm sure I'll end up with more questions sooner or
later...
I'm guessing the answer is no, but are there any high or lower level
diagrams to he
m I asking too many
questions? (ok, I'll stop there...)
Thanks in advance
Yoav
On Jun 3, 10:18 am, Yoav Aner wrote:
> Hello all,
>
> This is my first post. My name is Yoav, and I'm studying for an
> Information Security MSc at Royal Holloway, University of London. I
Hello all,
This is my first post. My name is Yoav, and I'm studying for an
Information Security MSc at Royal Holloway, University of London. I'm
starting to work on a project proposed by Martin Albrecht, to look at
several security aspects of the Sage Notebook server.
The MSc project is primaril
13 matches