Secure Coding mailing list archives

Re: ACM Queue article and security education


From: George Capehart <gwc () acm org>
Date: Thu, 01 Jul 2004 00:21:30 +0100

On Wednesday 30 June 2004 12:00, Michael S Hines allegedly wrote:

<snip>

And then a thought question - in message passing operating systems
(those that respond to external stimuli, or internal message queues)
- if one can inject messages into the processing queue, can't one in
essence 'capture the flag'?

The short version of a very long answer is:  "It's certainly possible, 
but we've been securing message-based systems for a long time and 
understand the attacks and defenses.  Any well-designed message-based 
system includes controls that preserve the confidentiality, integrity 
and availability of the system.  Some even include audit trails, etc."

Yet we see message passing systems as
middleware (and OS core technology in some cases) to facilitate cross
platform interfaces.  Aren't we introducing inherent security flaws
in the process?

Yes.  See above.  Google for "CORBASec", "DCE Security Service," 
MQSecure.  Go to www.w3c.org, www.oasis-open.org, 
www.projectliberty.org, www.ws-i.org, etc. for the work that's being 
done on securing Web services.  Then go to http://citeseer.ist.psu.edu/ 
and search on terms like Kerberos, SSL, TLS, IPSec, etc.  Then, see 
_Applied_Cryptography_ and _Practical_Cryptography_ . . .

You are absolutely correct that, left unprotected, message passing 
systems are subject to *all* *sorts* of attacks.  The good news is that 
there are lots of very smart people working on securing them.

Cheers,

George Capehart
-- 
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"With sufficient thrust, pigs fly just fine."  -- RFC 1925





