Download presentation
Presentation is loading. Please wait.
Published byIvy Hartnell Modified over 10 years ago
1
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems are becoming popular and ubiquitous,and while…the security issues that these systems raise must now be dealt with more thoroughly. presented by Wei Zhong
2
Outline Introduction Common Assumptions & Their Violations Conclusion
3
Introduction What are mobile code systems? - In mobile code systems, programs or processes travel from a server to a client, then execute on the client after arrival. Mobile code systems raise new security issues. - e.g. CHRISTMA EXEC, internet worms Why? - The mobile code systems violate a number of assumptions, and most existing computer security systems are based on them.
4
Common Assumptions & Their Violations Identity Assumptions 1. Whenever a program attempts some action, we can easily identify a person to whom that action can be attributed, and it is safe to assume that that person intends the action to be taken. Violation by mobile code systems: When a program attempts some action, we may be unable to identify a person to whom that action can be attributed, and it is not safe to assume that any particular person intends the action to be taken. - e.g. email virus
5
Common Assumptions & Their Violations(cnt.) Identity Assumptions 2. There is one security domain corresponding to each user; all actions within that domain can be treated the same way. Violation by mobile code systems: There are potentially many security domains corresponding to each user; different actions initiated by the same user may need to be treated differently. - Different programs may have different level of trust. - The programs which have different level of trust must be treated differently.
6
Common Assumptions & Their Violations(cnt.) Trojan Horses are rare Users think: Essentially all programs are obtained from easily-identifiable and generally trusted sources. users think: Why ? because users think: - Attackers would be - Attackers would be unlikely to escape detection and punishment. - Commercial custom and law place some restraints. Violation by mobile code systems: In mobile code systems, many programs may be obtained from unknown or untrusted sources. - e.g. download files from an unknown site
7
Common Assumptions & Their Violations(cnt.) The origin of attacks Significant security threats come from attackers running programs with the intent of accomplishing unauthorized results. - Most computer security efforts go into user authentication (id, password etc). Violation by mobile code systems: Significant security threats come from authorized users running programs which take advantage of the users rights in order to accomplish undesirable results. - Authentication systems are unable to prevent authorized users attack.
8
Common Assumptions & Their Violations(cnt.) Programs stay put Programs or processes are immobile, they run entirely on one machine or one particular operating system. Computer security is provided by the operating system. Violation by mobile code systems: Programs cross administrative boundaries often, can arrange for their own transmission and reproduction. …Computer security may not be provided by the operating system; … - e.g. internet worms, distributed-processing system.
9
Conclusion All network developers and users should know at least a little bit about Assumption Violation by Mobile Code Systems. This article is an excellent introduction. * Question: Could you explain how setuid feature of Unix violates Identity Assumption ?
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.