The SkyNet Virus: Why It Is Unstoppable; How to Stop It
by Marc Stiegler [email protected]
Marc Stiegler – http://www.combex.com -- [email protected] – (928) 279-6869
Principle of Least Authority/Privilege (POLA)
POLA: thousands of years old
The Last POLA Violation Humanity Makes
Congressman: If you activate SkyNet, it can destroy this supervirus, right?
General Brewster: Yes…but while it is activated, it will control all our nuclear missiles.
Congressman: But you will control SkyNet, right?
General Brewster: [long, long pause]…Yes.
Lip Service
Firewalls, Access Control Lists, Certificates
Every Application is Launched with Grossly Excessive Authority
Universal Security Problem: Ambient Authority
Ubiquitous Excess Authority Guarantees Abuse
John Connor: General Brewster, SkyNet is the virus
Yahoo Instant Messenger
Solution: No Default Authority
An application gets authority only when its creator or its invoker grants it
User interface disaster? Java Web Start: proof by disaster
Solution's Solution: Bundle Designation with Authority
File dialog, drag/drop, etc.
The Golden Triangle
[Figure: triangle diagram. Labels: Java Applets (impotent); Java Web Start; Multi-level Security (unusable); Virus Checkers; Java Apps (insecure); centre label: "You can have it all!"]
POLA Inside the Application
Object-Level Authority Bundling
Granovetter Diagram: Alice says bob.foo(carol)
Absolute Encapsulation
Object references are the only source of authority: Bob can reach Carol only because Alice, who holds references to both, passed Carol to him
Object POLA Boundaries: Almost Free
Security is easy at the finest grain, hard anywhere else
Digital money with a capability-secure language, in one page
Taken from "Capability-Based Financial Instruments", Proceedings of Financial Cryptography '00
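The two slides above (the Granovetter diagram and the one-page digital money) are illustrated by the following Python, added here as a worked example; it is modelled on the purse/mint pattern from "Capability-Based Financial Instruments" but is not that paper's E code, and the names (make_mint, Purse, pay, FakePurse) are this example's own. Authority flows only along object references: Bob can draw on a purse only after Alice hands him a reference to it, and an object that merely imitates a purse's interface cannot deposit, because the mint's private registry (the stand-in for E's sealer/unsealer pair) never registered it.

```python
"""Object-capability money: the purse/mint pattern.

Added example in Python, modelled on the one-page E mint from Miller,
Morningstar and Frantz, "Capability-Based Financial Instruments" (FC '00).
It is not the paper's code; all names here are this example's own.
"""
import weakref


class InsufficientFunds(Exception):
    pass


class ForeignPurse(Exception):
    """Deposit attempted from an object that this mint did not create."""


def make_mint():
    """Return make_purse, the sole authority to create new money.

    `decr_of` plays the role of the E sealer/unsealer pair: only purses
    created by this mint are registered, and the registered closure is the
    only way to withdraw from a purse.  Nothing outside make_mint can reach it.
    """
    decr_of = weakref.WeakKeyDictionary()

    class Purse:
        __slots__ = ("_balance", "__weakref__")

        def __init__(self, balance):
            self._balance = balance

        def get_balance(self):
            return self._balance

        def sprout(self):
            """Empty purse of the same currency; the usual way to pay someone."""
            return make_purse(0)

        def deposit(self, amount, src):
            """Move `amount` from `src` into this purse.

            All checks run before any state changes, so a failed deposit
            leaves both purses exactly as they were.
            """
            if not isinstance(amount, int) or amount < 0:
                raise ValueError("amount must be a non-negative int")
            try:
                decr = decr_of[src]        # KeyError: forged or other mint's purse
            except (KeyError, TypeError):
                raise ForeignPurse("source purse is not from this mint") from None
            decr(amount)                   # raises InsufficientFunds, no change
            self._balance += amount

    def make_purse(balance):
        purse = Purse(balance)

        def decr(amount):
            if amount > purse._balance:
                raise InsufficientFunds(amount)
            purse._balance -= amount

        decr_of[purse] = decr              # registering is what makes it "real"
        return purse

    return make_purse


def pay(payer_purse, payee_purse, amount):
    """The Granovetter step, Alice says bob.foo(carol): Alice sprouts a
    payment purse, funds it from her own, and hands Bob only that purse.
    Bob never receives a reference to Alice's main purse.
    Returns (payer balance, payee balance) after the payment."""
    payment = payer_purse.sprout()          # Alice's act
    payment.deposit(amount, payer_purse)    # still Alice's act
    payee_purse.deposit(amount, payment)    # Bob's act, using only `payment`
    return payer_purse.get_balance(), payee_purse.get_balance()


class FakePurse:
    """Same interface as a purse but never minted: deposits from it must fail."""

    def get_balance(self):
        return 10 ** 9


if __name__ == "__main__":
    mint = make_mint()
    alice, bob = mint(100), mint(5)
    print(pay(alice, bob, 30))              # (70, 35)
```

Note the design point the slide makes: the POLA boundary here costs nothing beyond ordinary lexical scoping. The only "security code" is the registry lookup in deposit; everything else is plain object-oriented programming, and a purse from a second mint is rejected for the same reason a forged one is.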
Trustworthy Programmers Do Not Mean Trustworthy Software
Ubiquitous POLA Means Trustworthy Software
Economic Proof of Unstoppability
Ross Anderson: fix 95 of 100 security bugs; a cracker who finds only 10 bugs still gets one you missed
Correct for conventional security regimes (perimeter security model), where any one missed bug is total compromise
False for ubiquitous POLA: defense in depth, a missed bug yields only the authority of the component it lives in
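The arithmetic behind Anderson's observation, added here and not on the slides, under the assumption that the cracker's 10 bugs are a uniform random sample of the 100 and independent of which 95 were fixed:

$$P(\text{all 10 fixed}) = \frac{\binom{95}{10}}{\binom{100}{10}} = \prod_{i=0}^{9}\frac{95-i}{100-i} \approx 0.58, \qquad P(\text{at least one missed}) = 1 - \frac{\binom{95}{10}}{\binom{100}{10}} \approx 0.42, \qquad E[\text{missed}] = 10 \cdot \frac{5}{100} = 0.5$$

So "still gets one you missed" is not a certainty but roughly a 42% chance per such attacker; under the perimeter model that is the probability of total compromise, which is why patching alone cannot win the economics.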
Sarah Connor: No Fate Except What We Make
"It is unthinkable that another thirty years will go by without one of two occurrences: either there will be horrific cyber disasters…or the available technology will be delivered…in products that provide effective security." -- Karger & Schell, "Thirty Years Later: Lessons from the Multics Security Evaluation" (2002)
References:
http://www.erights.org
http://www.skyhunter.com/marc.html
http://www.combex.com