Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: The "Biggest Target" paradigm and its consequence

Richard Rasker wrote:

> It's just that I realized that the "Biggest Target" paradigm is actually
> the absolutely stupidest defence possible to explain the malware crisis,
> as it implies that *any* OS with MS' market share would suffer the exact
> same problems; therefore, the only possible remedy is a reduced market
> share, so that there wouldn't be one Biggest Target any more, but a number
> of smaller targets of roughly equal size.

"Creating more targets" is a process called diversity; it's a solution
that has already been implemented in Linux since 2003, and is set to be
a feature of Vista called ASLR (Address Space Layout Randomization).

http://www.eweek.com/article2/0,1895,1969505,00.asp

Note that the technology upon which ASLR is founded, was created by
Professor Stephanie Forrest at the University of New Mexico, using Linux.

.----
| To test her concept, Forrest experimented with a version of the
| open-source operating system Linux. She altered the system to force
| programs to assign data to memory locations at random. Then she
| subjected the computer to several well-known attacks that used the
| buffer-overflow technique. None could get through.
|
| ...
|
| Linux computer-security experts quickly picked up on Forrest's idea.
| In 2003 Red Hat, the maker of a popular version of Linux, began
| including memory-space randomisation in its products.
|
| ...
|
| ####################
| # Also of interest #
| ####################
|
| Memory scrambling isn't the only way to add diversity to operating
| systems. Even more sophisticated techniques are in the works. Forrest
| has tried altering "instruction sets", commands that programs use to
| communicate with a computer's hardware, such as its processor chip or
| memory.
|
| Her trick was to replace the "translator" program that interprets
| these instruction sets with a specially modified one. Every time the
| computer boots up, Forrest's software loads into memory and encrypts
| the instruction sets in the hardware using a randomised encoding key.
| When a program wants to send a command to the computer, Forrest's
| translator decrypts the command on the fly so the computer can
| understand it.
| "The program turns malicious code into digital gibberish and it
| vanishes on reboot"
|
| This produces an elegant form of protection. If an attacker manages
| to insert malicious code into a running program, that code will also
| be decrypted by the translator when it is passed to the hardware.
| However, since the attacker's code is not encrypted in the first
| place, the decryption process turns it into digital gibberish so the
| computer hardware cannot understand it. Since it exists only in the
| computer's memory and has not been written to the computer's hard
| disc, it will vanish upon reboot.
`----

 - http://tinyurl.com/jrnbv (publicenemy.com) [New Scientist Article]

-- 
K.
http://slated.org - Slated, Rated & Blogged

.----
| L.A. town is falling down, while the ground moves around.
| We won't let it get us down; we're Californians!
`----
 - Animaniacs ( http://youtube.com/watch?v=XKcgTnfoM9Q )

Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.16-1.2133_FC5
 22:46:04 up 104 days, 23:02,  2 users,  load average: 0.00, 0.00, 0.00

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index