[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security

Seth Arnold sarnold@willamette.edu
Sat, 31 Mar 2001 04:11:33 -0800


[At this point, I have forgotten the initial impetus for this thread.]

* kragen@pobox.com <kragen@pobox.com> [010331 03:11]:
> If the compromised computer is in a position to use the iButton to
> decrypt things and get back the results, it can send it to the
> attacker over the network or save it on disk for later perusal.

Yes, save it to disk or use the network using the capabilities it was
given explicitly during install. A program can't get real far with the
data you give it, encrypted or otherwise, beyond how far you were
willing to let the software go with the capabilities granted to the
software.

Of course, subliminal channels wreck this pretty view. Which reminds me,
I haven't seen many papers about detecting or destroying subliminal
channels. Are there classics? (Note, 'subliminal channel' is the best I
can come up with for the term I am thinking of. I cannot even recall now
if subliminal channel is specific to cryptography or if it can be
applied to any unintended communications path. I apologize if I am using
incorrect terminology.)

But, the original point remains -- you gave data to the software. If you
don't completely trust that software, then it may have done something
unintended with your data using any of its capabilities. The confinement
problem assumes you aren't granting access to store data places where
data shouldn't be stored. :)

-- 
Earthlink: The #1 provider of unsolicited bulk email to the Internet.