[cap-talk] Selling capabilities programming
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Wed Jul 25 14:12:48 EDT 2007
At Wed, 25 Jul 2007 13:10:29 +0200,
Pierre THIERRY <nowhere.man at levallois.eu.org> wrote:
>
> Scribit Marcus Brinkmann dies 25/07/2007 hora 12:09:
> > But personally, I wouldn't lose any sleep over covert channels, and so
> > would most other people, I guess.
>
> On the other hand, if you don't even really try to reduce the bandwidth
> of covert channels, what's the point in working on overt ones?
I don't know what mean by "working on overt" channels. Can you
clarify?
Note that the type of covert channels discussed require two
cooperating malicious processes. There is a qualitative difference to
a scenario where a malicious process wants to snoop on a trustworthy
process. Maybe this already answers your question.
> That's
> like installing a huge reinforced security steel door in a house that
> has unprotected windows...
You could also ask why people are working on formal verification of
software although they can't prove that it is impossible to enter ring
0 from ring 3 on a Pentium 4. The answer is pragmatically that most
people are working in those areas where results can likely be achieved
next with reasonable effort.
Coincidentially, in this case covert channels are practically
insignificant on most systems, because there are so many things easier
to exploit it's not even funny. So, I think your analogy is false,
but maybe we are thinking about different classes of systems. I mean
the home desktop, not the Pentagon desktop.
Anyway, security (in any shape or form) is not an absolute. You work
on the lowest hanging fruit for the attackers you worry about most,
and then move on to the next problem.
Thanks,
Marcus
More information about the cap-talk
mailing list