Presentation is loading. Please wait.

Presentation is loading. Please wait.

The SkyNet Virus Why It Is Unstoppable; How To Stop It By Marc Stiegler

Published byJunior Horace Phillips Modified over 9 years ago

Similar presentations

Presentation on theme: "The SkyNet Virus Why It Is Unstoppable; How To Stop It By Marc Stiegler"— Presentation transcript:

1 The SkyNet Virus Why It Is Unstoppable; How To Stop It By Marc Stiegler marcs@skyhunter.com

2 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Principle of Least Authority/Privilege  POLA  Thousands of years old

3 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 The Last POLA Violation Humanity Makes Congressman: If you activate SkyNet, it can destroy this supervirus, right? General Brewster: Yes…but while it is activated, it will control all our nuclear missiles. Congressman: But you will control SkyNet, right? General Brewster: [long, long pause]…Yes.

4 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Lip Service  Firewalls  Access Control Lists  Certificates

5 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869  Every Application is Launched with Grossly Excessive Authority Universal Security Problem: Ambient Authority

6 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Ubiquitous Excess Authority Guarantees Abuse John Connor: General Brewster, SkyNet is the virus Yahoo Instant Messenger

7 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Solution: No Default Authority  Only get granted authority by creators, invokers  User Interface Disaster?  Java Web Start, Proof By Disaster

8 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Solution’s Solution: Bundle Designation with Authority  File Dialog  Drag/Drop  Etc.

9 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 The Golden Triangle Java Applets (impotent) Java Web Start Multi- level Security Virus Checkers Java Apps (insecure) You can have it all! (unusable)

10 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 POLA Inside the Application

11 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Object-Level Authority Bundling  Granovetter Diagram  Absolute Encapsulation  Only source of authority Alice says: bob.foo(carol)

12 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Object POLA Boundaries: Almost Free  Taken from “Capability Based Financial Instruments”  Proceedings of Financial Cryptography ’00  Security Is Easy At Finest Grain, Hard Anywhere Else Digital Money with a Capability Secure Language in 1 page

13 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Trustworthy Programmers Do Not Mean Trustworthy Software

14 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Ubiquitous POLA Means Trustworthy Software

15 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Economic Proof Of Unstoppability  Ross Anderson  Fix 95/100 security bugs, cracker who finds only 10 bugs still gets one you missed  Correct for conventional security regimes (perimeter security model)  False! For Ubiquitous POLA Defense In Depth

16 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Sara Connor: No Fate Except What We Make “It is unthinkable that another thirty years will go by without one of two occurrences: either there will be horrific cyber disasters…or the available technology will be delivered…in products that provide effective security.” --Karger&Schell References: http://www.erights.org http://www.skyhunter.com/marc.html http://www.combex.com

17 Marc Stiegler – http://www.combex.com -- marcs@combex.com – (928) 279-6869 Demo

Download ppt "The SkyNet Virus Why It Is Unstoppable; How To Stop It By Marc Stiegler"

Similar presentations

presents from anywhere… to anywhere… in any format.

presents from anywhere… to anywhere… in any format.
H28.1 6-Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.

H Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.
Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.

Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.
Problem Solving Environments: Expectations and Reality Richard Fateman Computer Science Division University of California, Berkeley.

Problem Solving Environments: Expectations and Reality Richard Fateman Computer Science Division University of California, Berkeley.
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
HACKER NOT CRACKER. HACKER IS  A person who enjoys exploring the details of programmable systems and how to stretch their capabilities  Most often programmers.

HACKER NOT CRACKER. HACKER IS  A person who enjoys exploring the details of programmable systems and how to stretch their capabilities  Most often programmers.
Active X Microsoft’s Answer to Dynamic Content Reference: Using Active X by Brian Farrar QUE

Active X Microsoft’s Answer to Dynamic Content Reference: Using Active X by Brian Farrar QUE
‘SECURITY ISSUES OF P2P COMPUTING’ Presented By Sravan K Abbaraju CS - 843.

‘SECURITY ISSUES OF P2P COMPUTING’ Presented By Sravan K Abbaraju CS
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
Chapter 9 Security 9.1 - 9.3 Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

Chapter 9 Security Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,
Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.

Chapter 9 Security Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.
Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999 by Carnegie.

Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 1999 by Carnegie.
AXIS Camera Station Comprehensive video management software for monitoring, recording, playback and event management.

AXIS Camera Station Comprehensive video management software for monitoring, recording, playback and event management.
Agile Testing with Testing Anywhere The road to automation need not be long.

Agile Testing with Testing Anywhere The road to automation need not be long.
Electronic Thesis And Dissertation Database Errors Luke Schmader Ryan Mestre Client: Zhiwu Xie CS4624 5/6/2014.

Electronic Thesis And Dissertation Database Errors Luke Schmader Ryan Mestre Client: Zhiwu Xie CS4624 5/6/2014.
Starting Chapter 4 Starting. 1 Course Outline* Covered in first half until Dr. Li takes over. JAVA and OO: Review what is Object Oriented Programming.

Starting Chapter 4 Starting. 1 Course Outline* Covered in first half until Dr. Li takes over. JAVA and OO: Review what is Object Oriented Programming.
Digital Citizenship By Web Design.  It is a system to teach students and teachers the way to use technology correctly. As new technology appears we all.

Digital Citizenship By Web Design.  It is a system to teach students and teachers the way to use technology correctly. As new technology appears we all.
Viruses.

Viruses.
 Computer Hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.  the act.

 Computer Hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.  the act.
Chapter 5 Security Threats to Electronic Commerce

Chapter 5 Security Threats to Electronic Commerce

Similar presentations

Ads by Google