"I have a mind like a steel... uh... thingy." Patrick Logan's weblog.

Search This Blog

Wednesday, July 27, 2005

Fundamentals of A Security Hole

I hope no one is surprised about the "Greasemonkey Crisis".

Most closed source and open source running applications, middleware, and basic services on the internet or anywhere else are based on a fundamentally flawed concept of security. Greasemonkey is no different; moreover Greasemonkey is especially dangerous sinces its raison de'tre is dynamic customization over the internet.

Things could be different without too much trouble, but the first step is to recognize the real problem and well-known solutions.

Jon followed up with some important questions and implications. And so I should qualify my claim of "without too much trouble".

That should read "without too much *technical* difficulty". The challenging problem I stated above is the that the core problem is so pervasive: in our current systems, but also in our current thinking. A mindshift is needed to recognize the technical problem, realize there are existing technical solutions that are already out of the lab, and that the problem can be tackled one web site and one client application at a time. Not ideal, but much more practical than the ideal.

Some existing solutions that have escaped the labs already: Jon mentioned the E programming language, which if nothing else demonstrates the problem can be addressed on the current Java Virtual Machine. The DARPA Browser illustrates how to use E in a large, real application. The Waterken web application server and the Waterken browser illustrate how to apply the same concept at the level of HTTP and URI's.

The Squeak programming language (Smalltalk) and the Oz programming language are both being extended with E-like capabilities. Objects, virtual machines, web servers are all related concepts (see Mark Baker's recent note and the referenced observation about Smalltalk and HTTP) and all happen to provide a good foundation for capability-based security.

I'll also toss into the mix that concurrency-oriented (pdf) languages like Erlang and Termite are amenable to the same solutions. Capability-based security is just around the corner from our current thinking and our current tools. Capability-based systems can be released onto the internet incrementally, and already have been. Objects, the web, and shared-nothing message passing are all fundamentally doing the same thing... referencing resources and passing around representations of resources that refer to other resources. Just squint a bit to see the similarities and read about capabilities to understand the security aspects of design.

1 comment:

Unknown said...

I went through many sites of the Smalltalk and agree with all the supporters of Smalltalk. Though Smalltalk is not that popular these days, there is a new renaissance in Smalltalk development, thanks to Squeak. The more I learn about Smalltalk and Squeak the more I’m impressed. If you are programming savvy it is worth a look. In the process of my learning I have collected some good sites (more than 200) related to Smalltalk and Squeak (lessons, tutorials and programming). If you are interested take a look at the below link.

Blog Archive

About Me

Portland, Oregon, United States
I'm usually writing from my favorite location on the planet, the pacific northwest of the u.s. I write for myself only and unless otherwise specified my posts here should not be taken as representing an official position of my employer. Contact me at my gee mail account, username patrickdlogan.