Our computer security model is broken. In fact, it never really has worked well, but it is even less suitable for today's users. In this session, I will explain why I feel that current security software and OS design are nothing more than band-aids, and why a totally new way of thinking about computer security is mandatory. Of course, I will be willing to answer more general computer security questions, but will lead off with "Security Is Broken." Plan on participating in a lively discussion.
The number of buffer overflow vulnerabilities continues to increase. Even worse, the overall percentage of buffer overflow vulnerabilities (against the estimated amount of total code) has increased. We're not even breaking even—we're falling behind.
Many programmers today aren't actually programmers; they lack both the knowledge and training to write secure code. (One of the best examples of this is PHP, which has many, many libraries available for it, many of which are full of security vulnerabilities.)
SELinux is really a port of Flask.
One of the weaknesses of SELinux is that it's protecting processes and files, but attacks these days are increasingly targeting specific information within individual applications. For example, SELinux won't stop phishing attacks, because from the point of view of SELinux, a phishing attack doesn't cause (e.g.) Firefox to do anything it's not supposed to do.
Rik asserts that most exploits today are targeting the web browser—either to attack data (e.g., phishing), or to use the browser as a vector for code injection / buffer overflow exploits.
Google has gathered some statistics concerning their malware protection system. About 40% of the time, people click through to the site anyway.
Rik thinks that separation of privilege is something that should be considered a best practice (at least for now). Make the privileged/dangerous stuff as small as possible, and make it self-contained. Yes, it's still a Band-aid, but it's a fairly effective one.
Unfortunately, this doesn't help you when it comes to your web browser, because the entire browser runs as you.
Can we blue sky? Meaning, can we clean the slate? Start over again? If we could, perhaps, say... programs would be broken into small tasks; each task would run within its own environment; each task would be restricted (by a reference monitor / capabilities). Modern hardware gives us much better tools for making this happen.
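The separation-of-privilege pattern Rik describes above (keep the privileged part small and self-contained, run each risky task in its own restricted environment) is the approach OpenSSH and similar daemons take. The following is an added example written for these notes, not code from Rik's talk or from any project he mentioned. It assumes a POSIX system; the helper names (privsep_parse_port, worker_parse, confine_worker), the sample inputs, and the use of uid/gid 65534 as the unprivileged "nobody" account are all constructed for the illustration. A small trusted parent forks a confined worker to parse untrusted bytes, accepts back only a fixed-size message, and re-validates it, so a crash or compromise in the worker never reaches the parent's memory or privileges.

```c
/*
 * Added example: privilege separation for parsing untrusted input.
 * Trusted parent -> confined worker -> fixed-size result -> re-validation.
 * Helper names and sample inputs are constructed; uid 65534 ("nobody") is an assumption.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Only this fixed-size struct crosses the trust boundary: nothing variable-length. */
struct result_msg {
    int ok;      /* 1 if the worker believes the parse succeeded */
    long value;  /* parsed TCP port */
};

/* Runs inside the worker: parse a decimal TCP port from untrusted bytes. */
static struct result_msg worker_parse(const char *input, size_t len)
{
    struct result_msg r = { 0, 0 };
    char buf[16];
    if (len == 0 || len >= sizeof buf)
        return r;                          /* reject oversized input before copying anything */
    memcpy(buf, input, len);
    buf[len] = '\0';

    char *end = NULL;
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (errno != 0 || end == buf || *end != '\0')
        return r;                          /* not a clean decimal number */
    if (v < 1 || v > 65535)
        return r;                          /* outside the valid port range */
    r.ok = 1;
    r.value = v;
    return r;
}

/* Confine the worker: drop root if present, and forbid file creation and forking. */
static void confine_worker(void)
{
    struct rlimit zero = { 0, 0 };
    (void)setrlimit(RLIMIT_FSIZE, &zero);  /* regular-file writes fail; the pipe is unaffected */
    (void)setrlimit(RLIMIT_NPROC, &zero);  /* fork() fails from here on */
    if (geteuid() == 0) {                  /* assumption: 65534 is the unprivileged "nobody" */
        if (setgid(65534) != 0 || setuid(65534) != 0)
            _exit(1);
    }
}

/* Trusted side. Returns the port, or -1 if the worker rejected the input, died, or lied. */
long privsep_parse_port(const char *input, size_t len)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                        /* worker: write end only, reduced privileges */
        close(fds[0]);
        confine_worker();
        struct result_msg r = worker_parse(input, len);
        ssize_t w = write(fds[1], &r, sizeof r);
        _exit(w == (ssize_t)sizeof r ? 0 : 1);
    }

    close(fds[1]);                         /* parent never parses the untrusted bytes itself */
    struct result_msg r;
    size_t got = 0;
    while (got < sizeof r) {
        ssize_t n = read(fds[0], (char *)&r + got, sizeof r - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(fds[0]);
    int status = 0;
    waitpid(pid, &status, 0);

    /* Short message, worker killed by a signal, or non-zero exit: all mean "reject". */
    if (got != sizeof r || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    /* The worker is untrusted, so its claim is checked again on the trusted side. */
    if (!r.ok || r.value < 1 || r.value > 65535)
        return -1;
    return r.value;
}

int main(void)
{
    /* Constructed sample inputs: one valid, one out of range, one malformed, one oversized. */
    const char *samples[] = { "8080", "70000", "22abc", "12345678901234567890" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %ld\n", samples[i], privsep_parse_port(samples[i], strlen(samples[i])));
    return 0;
}
```

The design point is that the parent's only contact with the untrusted data is a fixed-size struct read from a pipe plus the worker's exit status; a parser bug in the worker costs one short-lived, rights-limited process rather than the privileged service. The same shape is what the "each task in its own restricted environment" idea generalizes: more tasks, each with its own worker and its own narrow message format.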
Rik started raising his security consulting rates higher and higher, but then, after a few years, his customer base started to drop off. Rik thinks that this is because people have realized that security is broken, so they are resorting to compliance as a CYA technique. In essence, people have given up on security.
Rik doesn't claim to have all the answers; his goal in giving presentations on this topic is to raise awareness. But he does believe we should be looking at this problem a lot harder than we currently are.