[cap-talk] The Limits of POLA's Utility - Social Engineering

Toby Murray toby.murray at dsto.defence.gov.au
Wed Jun 7 21:48:08 EDT 2006 

Stiegler, Marc D wrote:

> CapDesk can make it very clear that you are about to grant an
>
>application an excess of authority. Have you read Granma's Rules of
>POLA? 
>
Yes. I think they're good rules that should keep you safe in a POLA 
environment.

>Ken Kahn came up with enhancements to the installation system that
>work even better than Granma's Rules, sort of by embedding the rules in
>the installation tool. 
>
Is this described anywhere? One thing with CapDesk I've never been able 
to find a good document that describes how it all works.

>If you follow the rules, you are in good shape.
>Granma will be safe in the face of the virus you just described. The
>creep in the scenario might not be safe, but the rest of us will be. 
>  
>
I'm not saying we need to be helping the creeps :)
Just to play devil's advocate. The scenario I'm describing only requires 
Bob to give the virus the authority to connect to Alice's machine. I 
think the user would grant this authority without violating Gramma's 
Rules of POLA. The virus still has the authority to track how it (the 
virus) itself is being used to access Alice's files and therefore gather 
the incriminating evidence against Bob. So it can still be successful 
with very little authority being granted to it.

Continuing the Devil's advocate role: Thus, I think even Gramma 
(following her rules of POLA) might still be vulnerable in some 
(unlikely) cases. What if she's had a long running dispute with a 
neighbour. This neighbour of hers has evidence on their computer that 
Gramma could use to win the dispute but they've been unwilling to give 
it to her. In this case, the incentive for Gramma to use the virus is 
there. She may even feel that she's not violating the rights of the 
neighbour because the neighbour "should" be giving her the evidence in 
the first place (even by law. The neighbour could be acting illegally by 
not providing the evidence). In this case, she still needs to be aware 
of the risks though. I'm not sure that Gramma's rules of POLA inform her 
much of the risks in this case. Please correct me though if I've 
misunderstood them.

-- 
Toby Murray
Advanced Computer Capabilities Group
Information Networks Division
DSTO, Australia

IMPORTANT: This e-mail remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
Crimes Act 1914. If you have received this e-mail in error, you are
requested to contact the sender and delete the e-mail.

More information about the cap-talk mailing list