0wned .gov machines (was Re: Russian cyberwar against Estonia?)

Anne & Lynn Wheeler lynn at garlic.com
Sun May 20 11:03:08 EDT 2007


Ivan Krstić wrote:
> I think it's anything but surprising. There's only so much you can do to
> significantly improve systems security if you're unwilling to break
> backwards compatibility -- many of the fundamental premises of desktop
> security are fatally flawed, chief among them the idea that all programs
> execute with the full privileges of the executing user.

part of this is that many of the basic platforms providing internet connectivity
evolved from disconnected/unconnected desk/table top environment ... with
lots of applications assuming that they had full & free access to all resources.

attempting to leverage the same platforms for connectivity to the extreme hostility
and anarchy of the internet creates diametrically opposing requirements.

one countermeasure from the 60s is to use a dynamically created ("padded cell")
virtual machine for internet connectivity ... with limited scope and accesses.
then when the session completes ... the environment is collapsed and everything
is discarded. 

while the "native" system operation may have little or no defenses against the hostile 
internet ... the "padded cell" virtual machine environment is used to bound the scope 
of any penetration ... somewhat analogous to "air gapping".

recent post:
http://www.garlic.com/~lynn/2007k.html#48

somewhat older reference:
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm
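The "padded cell" pattern from the post above, sketched as an added shell example (not Lynn's code, nor anything from the linked references): a throwaway home directory is created for one untrusted session, the command runs inside it with a scrubbed environment and, where the host supports unprivileged user namespaces, with no network, and the whole cell is destroyed when the session ends. The function names, the cell layout under `$TMPDIR`, the resource limits and the `unshare` probe are all assumptions of this illustration; `padded_cell_selfcheck` is a constructed check that a file planted during the session does not survive it and that host environment variables do not leak in.

```shell
#!/bin/sh
# Ephemeral "padded cell" for one untrusted session (constructed illustration,
# not the post author's code). A fresh throwaway home is created, the command
# runs there with a scrubbed environment (and, where available, in its own
# user+network namespace), and the whole cell is discarded afterwards.

# padded_cell_run CMD: run CMD in a fresh cell, pass its stdout through,
# discard the cell, and return CMD's exit status.
padded_cell_run() {
    cmd="$*"
    cell=$(mktemp -d "${TMPDIR:-/tmp}/padded-cell.XXXXXX") || return 1
    mkdir -p "$cell/home" "$cell/tmp" || { rm -rf "$cell"; return 1; }

    # Scrubbed environment: no real HOME, no tokens in env vars, no dotfiles
    # for a compromised session to read or poison.
    set -- env -i HOME="$cell/home" TMPDIR="$cell/tmp" PATH=/usr/bin:/bin \
        sh -c "$cmd"

    # Best effort: an unprivileged user namespace with no network bounds what
    # a process inside the cell can reach. Silently falls back where
    # unshare(1) or user namespaces are unavailable (many containers).
    if unshare --user --net --map-root-user true 2>/dev/null; then
        set -- unshare --user --net --map-root-user "$@"
    fi

    # Modest CPU/file-size limits so a runaway session cannot exhaust the host.
    ( ulimit -t 30 2>/dev/null; ulimit -f 65536 2>/dev/null
      cd "$cell/home" && exec "$@" )
    status=$?

    # Session over: collapse the environment and discard everything in it.
    rm -rf "$cell"
    return "$status"
}

# padded_cell_selfcheck: constructed check of the two properties the pattern
# promises. Returns 0 if a file written during the session is gone afterwards
# and a host environment variable (CANARY) was not visible inside the cell.
padded_cell_selfcheck() {
    base=$(mktemp -d) || return 1
    CANARY=leaked; export CANARY
    out=$( TMPDIR="$base"; export TMPDIR
           padded_cell_run 'echo planted > "$HOME/loot"; cat "$HOME/loot";
                            printf "%s\n" "${CANARY:-scrubbed}"' )
    leftovers=$(ls -A "$base")
    rm -rf "$base"
    [ -z "$leftovers" ] || return 1                          # cell was discarded
    [ "$out" = "$(printf 'planted\nscrubbed')" ] || return 1  # ran, env scrubbed
    return 0
}

# Stand-alone demo: the session may write freely inside its cell, but nothing
# it creates survives the session.
padded_cell_run 'echo "inside cell, HOME=$HOME"; touch "$HOME/dropped-file"; ls "$HOME"'
```

The isolation here is deliberately layered and best-effort: the scrubbed environment and throwaway home are portable, the namespace step only applies where the kernel allows it, and neither replaces a real virtual machine boundary of the kind the post describes; what the script demonstrates is the lifecycle (create, confine, discard), which is the part that bounds the scope of a compromised session.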

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
