In regards to filtering for viruses and data based security problems:
This is all interesting stuff. I remember reading recently that
virus checkers on the PC are faced with a similar detection problem
with respect to stealth viruses. One vendor claims that their virus
detector simulates execution of the program that is being scanned to
discover viruses as they unencrypt themselves. I'm not sure how they
handle viruses that unencrypt on the third invokation or only on
thursdays etc. The problem is really difficult. Whenever you "fix"
security problems in one layer of the hierarchy they reappear at a
higher level. Viruses in Word macros are an example of that.
Lately I've been seeing more holes in the security dike than I can plug.
Frankly I'm running out of fingers and toes.
A things are getting nastier faster lately or is it just my
perception?
W.r.t Java's virtual machine. The idea has merit. Theoretically, one
could monitor the applet as it is interpreted, basically adding
another layer of security. The problem lies in defining unacceptable
behaviour (or its complement) and correctly implementing the VM. So
far all of the Java security problems that I have heard of were
problems with the implementation, not with the design. Does anyone
see a fundamental problem with Java's security model?
Mark Riggins
Secure Systems Engineering
AT&T Bell Labs
Follow-Ups:
References:
|
|
