in WWW Security List Archive
Re: Barring Bros Was:Re: SLL protocol implementation ?
daemon@ATHENA.MIT.EDU (Owen Rees)
Thu Mar 2 03:39:34 1995
In-Reply-To: Message from "vsadec::xdec002"@EMNGW1.emn.com of Tue, 28 Feb 1995
Date: Wed, 01 Mar 1995 16:49:10 +0000
From: Owen Rees <email@example.com>
> I missed the Barring Brothers news, where could I get background on what happened
> and how it happened?
See the news and finance pages of any serious newspaper - if you cannot stand
the thought of dead trees, go to <URL:http://www.telegraph.co.uk/>, register
yourself, then look at today's "front page" story about the wife of the "rogue
trader" - it appears that she worked in the back office of Barings' Singapore
operation where her husband's trading activities were monitored.
It is not clear that the suggested technical measures would have prevented the
Baring Bros collapse, for a variety of reasons.
The attempt to put together a rescue package apparently failed because there
is an unlimited potential loss in the kind of option trading that was
involved. One banker was quoted as saying it was a "financial black hole".
Even if the board of Barings had been prepared to issue a certificate "Valid
up to $10^9" (approx the current estimated loss), this would not be enough to
cover the deal. A further problem is that it was not one large deal, but a
number of moderate sized deals. This takes the problem into the same area as
e-cash - you need a "useable once only" or "usable only up to some total"
A "Valid if countersigned" certificate requirement would introduce the
separation of duty principle but would insert a delay, thus limiting the
opportunity to make money by predicting share price or exchange rate
fluctuations. The existing separation of duty that exists in the form of
monitoring by the back office was not sufficient to prevent the losses in this
case, but it is not clear that this was a problem with the reporting
mechanisms themsleves. It has been claimed that Leeson filed false records
indicating that the risk had been offloaded to investors, suggesting that the
problem was in the input data rather than in the reporting mechanism or back
The general idea of having fine grained control of the delegation of rights is
a good one, especially as people seem to be determined to use WWW technology
to build large scale federated distributed systems. The TAOS system, and its
underlying theory of authentication is the best example I know of the
theoretical and practical machinery you need in this sort of context. (See ACM
TOCS 10,4 for the theory, and 14th SOSP/OSR 27,5=DEC SRC-117 for a description
of the implementation.) There is also the OMG CORBA security proposal
submission deadline next week, so those of us interested in WWW/CORBA
interoperability will have a chance to worry about how to achieve secure
Defining the framework within which the rules can be defined and enforced is a
worthwhile task. Those who have a particular problem can go ahead and define
the specific rules that apply to their problem. I think it is best to leave
the definition of the specific rules to the problem owners, or to those
working directly with the problem owners. It is not unknown for good strategic
solutions to be rejected because of errors in the detail of the examples used
to present them.
Owen Rees <firstname.lastname@example.org>
Information about ANSA is at <URL:http://www.ansa.co.uk/>.