Post on 18-Dec-2015

The SkyNet Virus

Why It Is Unstoppable; How To Stop It

By Marc Stiegler [email protected]

Marc Stiegler – http://www.combex.com -- [email protected] – (928) 279-6869

Principle of Least Authority/Privilege

POLA Thousands of years old

The Last POLA Violation Humanity Makes

Congressman: If you activate SkyNet, it can destroy this supervirus, right?

General Brewster: Yes…but while it is activated, it will control all our nuclear missiles.

Congressman: But you will control SkyNet, right?

General Brewster: [long, long pause]…Yes.

Lip Service

Firewalls, Access Control Lists, Certificates

Every Application is Launched with Grossly Excessive Authority

Universal Security Problem: Ambient Authority

Ubiquitous Excess Authority Guarantees Abuse

John Connor: General Brewster, SkyNet is the virus

Yahoo Instant Messenger

Solution: No Default Authority

Only get granted authority by creators, invokers

User Interface Disaster? Java Web Start, Proof By Disaster

Solution’s Solution: Bundle Designation with Authority

File Dialog, Drag/Drop, Etc.

The Golden Triangle

[Diagram. Labels: Java Applets (impotent); Java Web Start; Multi-level Security; Virus Checkers; Java Apps (insecure); You can have it all!; (unusable)]

POLA Inside the Application

Object-Level Authority Bundling

Granovetter Diagram

Absolute Encapsulation

Only source of authority

Alice says: bob.foo(carol)
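
The two slides "Bundle Designation with Authority" and "Object-Level Authority Bundling" can be seen side by side in the sketch below. It is an added example, not code from the original slides, and it uses JavaScript closures rather than the Java or capability-language tooling the talk refers to; `makeDisk`, `powerbox`, `readOnly` and the file names are hypothetical names with constructed sample data.

```javascript
// Constructed stand-in for a disk. The Map lives only inside this closure,
// so outside code can reach a file solely through an object handed to it.
function makeDisk(initial) {
  const files = new Map(Object.entries(initial));
  const fileCap = (name) => Object.freeze({
    read: () => files.get(name),
    write: (text) => { files.set(name, text); },
  });
  // open() models ambient authority: any name the caller invents resolves.
  return Object.freeze({ fileCap, open: (name) => fileCap(name) });
}

// Attenuation: a read-only facet of a file capability.
const readOnly = (file) => Object.freeze({ read: () => file.read() });

// Stand-in for the file dialog: the user's designation of one file is what
// conveys authority over that file, and over nothing else.
const powerbox = (disk, userPickedName) => disk.fileCap(userPickedName);

// Bob: a component that should only count words. foo() also tries to
// overstep and reports what it managed with whatever it was handed.
const bob = Object.freeze({
  foo(carol) {
    const report = { words: carol.read().split(/\s+/).length, wrote: false, stole: null };
    try { carol.write('defaced'); report.wrote = true; } catch (e) { /* no write authority */ }
    try { report.stole = carol.open('keys.pem').read(); } catch (e) { /* cannot name other files */ }
    return report;
  },
});

function demo() {
  const seed = { 'notes.txt': 'least authority wins', 'keys.pem': 'SECRET' };

  // Ambient authority: Bob receives the file plus the ability to open anything.
  const d1 = makeDisk(seed);
  const ambient = bob.foo(Object.freeze({ ...d1.fileCap('notes.txt'), open: d1.open }));

  // POLA: Alice says bob.foo(carol), where carol is a read-only facet of the
  // single file the user designated through the powerbox.
  const d2 = makeDisk(seed);
  const pola = bob.foo(readOnly(powerbox(d2, 'notes.txt')));
  return { ambient, pola, after: d2.fileCap('notes.txt').read() };
}

console.log(demo());
```

Bob's code is identical in both runs; only the reference passed in `bob.foo(carol)` differs, and that reference is the sole source of what Bob can do.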

Object POLA Boundaries: Almost Free

Taken from “Capability Based Financial Instruments”

Proceedings of Financial Cryptography ’00

Security Is Easy At Finest Grain, Hard Anywhere Else

Digital Money with a Capability Secure Language in 1 page

Trustworthy Programmers Do Not Mean Trustworthy Software

Ubiquitous POLA Means Trustworthy Software

Economic Proof Of Unstoppability

Ross Anderson: Fix 95/100 security bugs, cracker who finds only 10 bugs still gets one you missed

Correct for conventional security regimes (perimeter security model)

False! For Ubiquitous POLA Defense In Depth

Sarah Connor: No Fate Except What We Make

“It is unthinkable that another thirty years will go by without one of two occurrences: either there will be horrific cyber disasters…or the available technology will be delivered…in products that provide effective security.” -- Karger & Schell

References:

http://www.erights.org
http://www.skyhunter.com/marc.html
http://www.combex.com

Demo