[4760] in WWW Security List Archive


Re: Why do you think you can trust PC software? (was Re: Latest Java hole is Netscape/Sun only)

daemon@ATHENA.MIT.EDU (Jay Heiser)
Tue Mar 11 12:10:28 1997

Date: Tue, 11 Mar 1997 09:41:52 -0500
From: Jay Heiser <Jay@homecom.com>
Reply-To: jay@homecom.com
To: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

Jacob Rose wrote:
> 
> > Of course there is risk, but worthwhile activity lacks that?
> > Show me an example of PC software that you would consider
> > 'trustworthy'.
> 
> That being the case, doesn't it just turn the issue around and scream,
> "Hey!  *All* programs should be running in appropriately sized sandboxes,
> with access only to that functionality which they should rightfully need."
> Jacob Rose

This would be great.  You understood my point exactly.  It would solve
the problem of computer viruses, mitigate damage from buggy code, and
while users could still shoot themselves in the foot, maybe they
couldn't easily commit digital suicide.  Unfortunately, I don't think
it's commercially practical.  Attempts to do something like this have not
been runaway successes.  You could argue that Compartmented Mode
Workstation is designed to operate like this, but it isn't very
flexible.

I think that the Java security model is working towards something like
this.  Implementation bugs aside, let's assume that the sandbox is
solid.  You will be able to execute anything you find on the web safely,
without concern.  Unfortunately, you cannot do a lot of useful things,
like save files locally, or update your home bank records.  Next we need
a more flexible security configuration that allows you to selectively
loosen security restrictions based on something that you trust, like a
digital signature (assume an efficient and reliable infrastructure that
lets you verify a signature to make sure that it is real and hasn't been
revoked).

If you want to trust your bank's digital signature, you should be able
to let the bank's Java applet selectively modify data on your
PC--without concern that it could ever pollute anything else on your PC.

Given that current desktop operating systems do not provide this
capability, we have to rely on kludgy add-ons.  The idea of an
intrinsically safe operating system is very appealing.


-- 
Jay Heiser
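The architecture Jay sketches (a default-deny sandbox that is loosened only for code carrying a verified, unrevoked signature from a party you trust, and then only for that party's own data) can be modelled concretely. The following is an added example, not code from this thread or from Java; the key, applet bytes and paths are constructed, and an HMAC stands in for a real public-key signature scheme because the Python standard library has none.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Stand-in for a public-key signature: an HMAC over the applet bytes models
# "signed by the bank's key". The policy logic below does not depend on it.
def sign(key: bytes, code: bytes) -> bytes:
    return hmac.new(key, code, hashlib.sha256).digest()

def verify(key: bytes, code: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, code), sig)

@dataclass(frozen=True)
class Grant:
    path_prefix: str      # subtree the signer's code may touch
    ops: frozenset        # operations permitted inside that subtree

@dataclass
class Policy:
    keys: dict                      # signer name -> verification key
    grants: dict                    # signer name -> Grant
    revoked: set = field(default_factory=set)

    def signer_of(self, code: bytes, sig: bytes):
        """Trusted, non-revoked signer whose signature verifies, else None."""
        for name, key in self.keys.items():
            if name not in self.revoked and verify(key, code, sig):
                return name
        return None

    def allowed(self, code: bytes, sig: bytes, op: str, path: str) -> bool:
        """Default deny: unsigned, unknown, tampered or revoked code stays in
        the bare sandbox; a verified signer is loosened only within its grant."""
        signer = self.signer_of(code, sig)
        if signer is None:
            return False
        g = self.grants[signer]
        real = os.path.normpath(path)        # collapses "..", so the grant
        root = g.path_prefix.rstrip("/")     # cannot be escaped by traversal
        return (real == root or real.startswith(root + "/")) and op in g.ops

# Constructed sample: the bank is the only trusted signer and may read and
# write its own data directory on the PC, nothing else.
BANK_KEY = b"constructed-bank-signing-key"
POLICY = Policy(keys={"bank": BANK_KEY},
                grants={"bank": Grant("/home/user/bank", frozenset({"read", "write"}))})
APPLET = b"class BankApplet { ... }"        # constructed applet bytes
BANK_SIG = sign(BANK_KEY, APPLET)
```

A tampered applet, a forged signature, an operation outside the grant, or a path that resolves outside the bank's directory all fall back to the sandbox, and revoking the signer withdraws the loosening without touching the policy's other entries.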
