[489] in WWW Security List Archive

home help back first fref pref prev next nref lref last post

Re: Barring Bros Was:Re: SLL protocol implementation ?

daemon@ATHENA.MIT.EDU (Owen Rees)
Thu Mar 2 03:39:34 1995

To: www-security@ns2.rutgers.edu
In-Reply-To: Message from "vsadec::xdec002"@EMNGW1.emn.com of Tue, 28 Feb 1995 
 15:34:06 -0500.
             <0098CAA9.303CE280.6@stc150.kpt.emn.com> 
Date: Wed, 01 Mar 1995 16:49:10 +0000
From: Owen Rees <rtor@ansa.co.uk>
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

"vsadec::xdec002"@EMNGW1.emn.com writes:
> I missed the Barring Brothers news, where could I get background on what happened
> and how it happened?

See the news and finance pages of any serious newspaper - if you cannot stand 
the thought of dead trees, go to <URL:http://www.telegraph.co.uk/>, register 
yourself, then look at today's "front page" story about the wife of the "rogue 
trader" - it appears that she worked in the back office of Barings' Singapore 
operation where her husband's trading activities were monitored.

It is not clear that the suggested technical measures would have prevented the 
Baring Bros collapse, for a variety of reasons.

The attempt to put together a rescue package apparently failed because there 
is an unlimited potential loss in the kind of option trading that was 
involved. One banker was quoted as saying it was a "financial black hole". 
Even if the board of Barings had been prepared to issue a certificate "Valid 
up to $10^9" (approx the current estimated loss), this would not be enough to 
cover the deal. A further problem is that it was not one large deal, but a 
number of moderate sized deals. This takes the problem into the same area as 
e-cash - you need a "useable once only" or "usable only up to some total" 
certificate.

A "Valid if countersigned" certificate requirement would introduce the 
separation of duty principle but would insert a delay, thus limiting the 
opportunity to make money by predicting share price or exchange rate 
fluctuations. The existing separation of duty that exists in the form of 
monitoring by the back office was not sufficient to prevent the losses in this 
case, but it is not clear that this was a problem with the reporting 
mechanisms themsleves. It has been claimed that Leeson filed false records 
indicating that the risk had been offloaded to investors, suggesting that the 
problem was in the input data rather than in the reporting mechanism or back 
office analysis.

The general idea of having fine grained control of the delegation of rights is 
a good one, especially as people seem to be determined to use WWW technology 
to build large scale federated distributed systems. The TAOS system, and its 
underlying theory of authentication is the best example I know of the 
theoretical and practical machinery you need in this sort of context. (See ACM 
TOCS 10,4 for the theory, and 14th SOSP/OSR 27,5=DEC SRC-117 for a description 
of the implementation.) There is also the OMG CORBA security proposal 
submission deadline next week, so those of us interested in WWW/CORBA 
interoperability will have a chance to worry about how to achieve secure 
interoperability.

Defining the framework within which the rules can be defined and enforced is a 
worthwhile task. Those who have a particular problem can go ahead and define 
the specific rules that apply to their problem. I think it is best to leave 
the definition of the specific rules to the problem owners, or to those 
working directly with the problem owners. It is not unknown for good strategic 
solutions to be rejected because of errors in the detail of the examples used 
to present them.

Regards,
  Owen Rees <rtor@ansa.co.uk>
Information about ANSA is at <URL:http://www.ansa.co.uk/>.


home help back first fref pref prev next nref lref last post