90 likes | 244 Views
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA. “Mobile code systems are becoming popular and ubiquitous,and while…the security issues that these systems raise must now be dealt with more thoroughly.”
E N D
Security Issues in Mobile Code SystemsDavid M.Chess, High Integrity Computing Lab,IBM T.J. Watson Research CenterHawthorne, NY, USA “Mobile code systems are becoming popular and ubiquitous,and while…the security issues that these systems raise must now be dealt with more thoroughly.” presented by Wei Zhong
Outline • Introduction • Common Assumptions & Their Violations • Conclusion
Introduction • What are mobile code systems? - In mobile code systems, programs or processes travel from a server to a client, then execute on the client after arrival. • Mobile code systems raise new security issues. - e.g. CHRISTMA EXEC, internet worms • Why? - The mobile code systems violate a number of assumptions, and most existing computer security systems are based on them.
Common Assumptions & Their Violations • Identity Assumptions 1. “Whenever a program attempts some action, we can easily identify a person to whom that action can be attributed, and it is safe to assume that that person intends the action to be taken.” Violation by mobile code systems: “When a program attempts some action, we may be unable to identify a person to whom that action can be attributed, and it is not safe to assume that any particular person intends the action to be taken.” - e.g. email virus
Common Assumptions & Their Violations(cnt.) • Identity Assumptions 2. “There is one security domaincorresponding to each user; all actions within that domain can be treated the same way.” Violation by mobile code systems: “There are potentially many security domains corresponding to each user; different actions initiated by the same user may need to be treated differently.” - Different programs may have different level of trust. - The programs which have different level of trust must be treated differently.
Common Assumptions & Their Violations(cnt.) • Trojan Horses are rare Users think: “Essentially all programs are obtained from easily-identifiable and generally trusted sources.” Why ? because users think: - Attackers would be unlikely to escape detection and punishment. - Commercial custom and law place some restraints. Violation by mobile code systems: “In mobile code systems, many programs may be obtained from unknown or untrusted sources.” - e.g. download files from an unknown site
Common Assumptions & Their Violations(cnt.) • The origin of attacks “Significant security threats come from attackers running programs with the intent of accomplishing unauthorized results.” - Most computer security efforts go into user authentication (id, password etc). Violation by mobile code systems: “Significant security threats come from authorized users running programs which take advantage of the user’s rights in order to accomplish undesirable results.” - Authentication systems are unable to prevent authorized users’ attack.
Common Assumptions & Their Violations(cnt.) • Programs stay put Programs or processes are immobile, they run entirely on one machineor one particular operating system. “Computer security is provided by the operating system.” Violation by mobile code systems: “Programs cross administrative boundaries often, can arrange for theirown transmission and reproduction. …Computer security may not be provided by the operating system; …” - e.g. internet worms, distributed-processing system.
Conclusion • All network developers and users should know at least a little bit about Assumption Violation by Mobile Code Systems. • This article is an excellent introduction. * Question:Could you explain how “setuid” feature of Unix violates Identity Assumption ?