[11877] in cryptography@c2.net mail archive


Palladium

daemon@ATHENA.MIT.EDU (Peter Clay)
Mon Oct 21 19:33:48 2002

Envelope-to: cryptography@wasabisystems.com
Date: Tue, 22 Oct 2002 00:27:31 +0100 (BST)
From: Peter Clay <pete@flatline.org.uk>
Cc: Cypherpunks <cypherpunks@minder.net>,
	Cryptography <cryptography@wasabisystems.com>, dcsb@ai.mit.edu
In-Reply-To: <20021021225220.A123387@exeter.ac.uk>

I've been trying to figure out whether the following attack will be
feasible in a Pd system, and what would have to be incorporated to
prevent it.

Alice runs "trusted" application T on her computer. This is some sort of
media application, which acts on encoded data streamed over the
internet. Mallory persuades Alice to stream data which causes a buffer
overrun in T. The malicious code, running with all of T's privileges:

- abducts choice valuable data protected by T (e.g. individual book keys
for ebooks)
- builds its own vault with its own key
- installs a modified version of T, V, in that vault with access to the
valuable data
- trashes T's vault

The viral application V is then in an interesting position. Alice has two
choices:

- nuke V and lose all her data (possibly including all backups, depending
on how backup of vaults works)
- allow V to act freely

I haven't seen enough detail yet to be able to flesh this out, but it does
highlight some areas of concern:

- how do users back up vaults?
- there really needs to be a master override to deal with misbehaving
trusted apps.

Pete
-- 
Peter Clay                                         | Campaign for   _  _| .__
                                                   | Digital       /  / | |
                                                   | Rights!       \_ \_| |
                                                   | http://uk.eurorights.org
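
The two concerns the post ends on (vault backup and a master override) can be seen in a toy model of sealed storage. This is an added example, not part of the original message and not Palladium's actual mechanism, which the post notes was not yet detailed; all names are hypothetical, and the owner key is symmetric only to stay within the standard library (a real design would wrap to an owner public key whose private half stays offline).

```python
import hashlib, hmac, os

PLATFORM_SECRET = os.urandom(32)  # assumption: per-machine secret held by the hardware
OWNER_KEY = os.urandom(32)        # assumption: recovery key belonging to Alice

def measure(image: bytes) -> bytes:
    """Program identity = hash of its image when loaded, not its runtime behaviour."""
    return hashlib.sha256(image).digest()

def _key(root: bytes, label: bytes) -> bytes:
    return hmac.new(root, label, hashlib.sha256).digest()

def _wrap(key: bytes, data: bytes) -> bytes:
    # Toy encrypt-then-MAC for illustration only; use a vetted AEAD in practice.
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def _unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("blob is not sealed to this key")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def seal(image: bytes, data: bytes) -> dict:
    """Platform call: every vault blob also gets an owner-recoverable copy."""
    return {"vault": _wrap(_key(PLATFORM_SECRET, measure(image)), data),
            "recovery": _wrap(_key(OWNER_KEY, b"owner-recovery"), data)}

def unseal(image: bytes, sealed: dict) -> bytes:
    return _unwrap(_key(PLATFORM_SECRET, measure(image)), sealed["vault"])

def owner_recover(owner_key: bytes, sealed: dict) -> bytes:
    return _unwrap(_key(owner_key, b"owner-recovery"), sealed["recovery"])

def can_unseal(image: bytes, sealed: dict) -> bool:
    try:
        unseal(image, sealed)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    T, V = b"image of T (constructed)", b"image of V (constructed)"
    secret = b"ebook key (constructed sample)"
    by_t, by_v = seal(T, secret), seal(V, secret)
    print(can_unseal(T, by_t))                       # T opens its own vault
    print(can_unseal(T, by_v), can_unseal(V, by_t))  # vaults are isolated by image hash
    print(owner_recover(OWNER_KEY, by_v) == secret)  # owner override needs neither T nor V
```

Because the vault key depends only on the load-time image hash, the model cannot tell T from code running inside T after a buffer overrun; the platform-enforced recovery copy is what removes Alice's dependence on V.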

