Secure Coding mailing list archives
Re: DJB's students release 44 poorly-worded, overblown advisories
From: karger () watson ibm com
Date: Wed, 22 Dec 2004 17:33:24 +0000
ljknews writes:
Date: Mon, 20 Dec 2004 13:16:59 -0500
From: ljknews <[EMAIL PROTECTED]>
Subject: [SC-L] Re: DJB's students release 44 poorly-worded, overblown advisories

At 11:09 AM -0500 12/20/04, Paco Hope wrote:

> I mean, if these things are "remote exploits," I could say "The entire OpenBSD operating system is remotely exploitable: if I email you an OpenBSD binary and you execute it, I 0wn you." Well, duh.

That risk is mitigated when an operating system has mandatory access controls (MAC) arranged so that users are not permitted to execute programs which they create or import. That capability is not quite within the Biba Integrity Extensions to the Bell-LaPadula model, but it is close.

On most important systems there is no need for the users to be able to provide executables which they then run. Executables are provided by the system manager.

--
Larry Kilgallen
This should be no surprise. The Bell and LaPadula model and the Biba model were explicitly designed to deal with precisely this kind of Trojan horse threat. They both presume the presence of arbitrarily malicious applications code. Bell and LaPadula prevents the malicious code from leaking copies of secret information to people who are not properly authorized. Biba prevents a process that is handling data that requires high integrity from either executing untrusted code or from reading untrusted data that could facilitate a data-driven attack. Biba constrains such a process to only executing trusted code and reading trusted data.

Of course, deciding which code and data should be trusted is a much harder problem! See this paper for some ideas on handling that harder problem:

Schellhorn, G., W. Reif, A. Schairer, P. Karger, V. Austel, and D. Toll. Verification of a Formal Security Model for Multiapplicative Smart Cards. In 6th European Symposium on Research in Computer Security (ESORICS 2000). 4-6 October 2000, Toulouse, France: Lecture Notes in Computer Science Vol. 1895. Springer-Verlag. p. 17-36.

- Paul
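
An added example, not part of the original message or of any system mentioned in the thread: a minimal reference monitor that applies the Bell-LaPadula and Biba rules described above to the e-mailed-binary scenario. The labels, entity names, and the choice to treat execute as a read-style observation are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    level: int                     # higher = more secret (BLP) / more trusted (Biba)
    cats: frozenset = frozenset()  # compartments

    def dominates(self, other):
        return self.level >= other.level and self.cats >= other.cats

@dataclass(frozen=True)
class Entity:
    name: str
    secrecy: Label    # Bell-LaPadula label
    integrity: Label  # Biba label

def check(subj, op, obj):
    """Reference-monitor decision: (allowed, rule that decided)."""
    if op in ("read", "execute"):   # assumption: execute is treated as an observation
        if not subj.secrecy.dominates(obj.secrecy):
            return False, "BLP simple security (no read up)"
        if not obj.integrity.dominates(subj.integrity):
            return False, "Biba simple integrity (no read/execute down)"
    elif op == "write":
        if not obj.secrecy.dominates(subj.secrecy):
            return False, "BLP *-property (no write down)"
        if not subj.integrity.dominates(obj.integrity):
            return False, "Biba *-property (no write up)"
    else:
        raise ValueError(f"unknown operation: {op}")
    return True, "permitted"

# Constructed labels and entities; all names are hypothetical.
PUBLIC, SECRET = Label(0), Label(1, frozenset({"payroll"}))
UNTRUSTED, SYSTEM = Label(0), Label(1)
payroll_proc = Entity("payroll process", SECRET, SYSTEM)
mail_reader = Entity("mail reader", PUBLIC, UNTRUSTED)
system_bin = Entity("manager-installed binary", PUBLIC, SYSTEM)
attachment = Entity("e-mailed binary", PUBLIC, UNTRUSTED)
salary_db = Entity("salary database", SECRET, SYSTEM)
outbox = Entity("outgoing mail spool", PUBLIC, UNTRUSTED)

def demo():
    cases = [(payroll_proc, "execute", system_bin), (payroll_proc, "execute", attachment),
             (payroll_proc, "write", outbox), (mail_reader, "execute", attachment),
             (mail_reader, "read", salary_db), (mail_reader, "write", salary_db)]
    return [(s.name, op, o.name) + check(s, op, o) for s, op, o in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The low-integrity mail reader may still run the attachment, but the combined rules keep it from reading or modifying the high-integrity, secret data.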