Palladium
Peter Clay
pete at flatline.org.uk
Mon Oct 21 16:27:31 PDT 2002
I've been trying to figure out whether the following attack will be
feasible in a Pd system, and what would have to be incorporated to
prevent it.

Alice runs "trusted" application T on her computer. This is some sort of
media application, which acts on encoded data streamed over the
internet. Mallory persuades Alice to stream data which causes a buffer
overrun in T. The malicious code, running with all of T's privileges:

- abducts choice valuable data protected by T (e.g. individual book keys
  for ebooks)
- builds its own vault with its own key
- installs a modified version of T, V, in that vault with access to the
  valuable data
- trashes T's vault

The viral application V is then in an interesting position. Alice has two
choices:

- nuke V and lose all her data (possibly including all backups, depending
  on how backup of vaults works)
- allow V to act freely

I haven't seen enough detail yet to be able to flesh this out, but it does
highlight some areas of concern:

- how do users back up vaults?
- there really needs to be a master override to deal with misbehaving
  trusted apps.

Pete
--
Peter Clay | Campaign for Digital Rights! | http://uk.eurorights.org
---------------------------------------------------------------------
The Cryptography Mailing List
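
An added illustration of the scenario in the message above, not part of the original post and not Palladium code: a toy Python model that assumes a vault is data sealed under a key derived from a machine secret and the hash of the application as measured at load time. `MACHINE_SECRET`, `OWNER_SECRET`, the owner-held escrow copy (one possible answer to the backup and override questions) and all function names are hypothetical.

```python
import hashlib, hmac

MACHINE_SECRET = b"constructed-machine-secret"  # stand-in for a hardware-held key
OWNER_SECRET = b"constructed-owner-secret"      # hypothetical owner override key

def measure(code: bytes) -> bytes:
    return hashlib.sha256(code).digest()         # identity is fixed at load time

def _key(root: bytes, identity: bytes) -> bytes:
    return hmac.new(root, identity, hashlib.sha256).digest()

def _xor(key: bytes, data: bytes) -> bytes:
    # Toy cipher for this model only (data <= 32 bytes); not real cryptography.
    pad = hashlib.sha256(key + b"pad").digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(root: bytes, identity: bytes, data: bytes):
    k = _key(root, identity)
    ct = _xor(k, data)
    return ct, hmac.new(k, ct, hashlib.sha256).digest()

def unseal(root: bytes, identity: bytes, blob) -> bytes:
    ct, tag = blob
    k = _key(root, identity)
    if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
        raise PermissionError("blob is sealed to a different identity")
    return _xor(k, ct)

def scenario() -> dict:
    t_id, v_id = measure(b"trusted app T"), measure(b"modified app V")
    book_key = b"constructed-ebook-key"                # constructed sample data
    store = {"T": seal(MACHINE_SECRET, t_id, book_key)}
    escrow = seal(OWNER_SECRET, b"owner", book_key)    # assumed owner backup
    # Code injected into the running T still presents T's load-time identity,
    # so the unseal succeeds even though T's behaviour has changed.
    stolen = unseal(MACHINE_SECRET, t_id, store["T"])
    store["V"] = seal(MACHINE_SECRET, v_id, stolen)    # re-sealed into V's vault
    del store["T"]                                     # T's vault is trashed
    results = {"T_vault_exists": "T" in store}
    try:
        unseal(MACHINE_SECRET, t_id, store["V"])
        results["T_reads_V_vault"] = True
    except PermissionError:
        results["T_reads_V_vault"] = False
    results["V_reads"] = unseal(MACHINE_SECRET, v_id, store["V"]) == book_key
    results["owner_recovers"] = unseal(OWNER_SECRET, b"owner", escrow) == book_key
    return results

if __name__ == "__main__":
    print(scenario())
```

In this model the data survives removal of V only because a copy was sealed to a key the owner controls before the compromise; without that copy, only V's identity can open the remaining blob.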