Linked by David Adams on Fri 10th Jun 2005 15:25 UTC, submitted by tm
Bugs & Viruses Many virus attacks aren't really exploiting weaknesses in your operating system: they're simply tricking you into telling the OS to do things that it shouldn't do. The OS is just doing its job, executing code when you say so. Researchers at HP Labs are working on a solution to this problem using the Principle of Least Authority, or POLA -- "limiting the rights of each program to only the ones needed for the job the user wants done"
Isn't this what SELinux is doing?
by anon on Fri 10th Jun 2005 15:33 UTC

At least the gist of it?

reinventing the wheel and Re:anon
by l3v1 on Fri 10th Jun 2005 15:37 UTC

Yup, they saw grsecurity, selinux, pam, then they do their own, patent it, licence to the masses, profit upon.

Re: Isn't this what SELinux is doing?
by Geert Hendrickx on Fri 10th Jun 2005 15:38 UTC

or systrace in NetBSD.

Incredible
by Anonymous on Fri 10th Jun 2005 15:45 UTC

I would have thought a usable would first appear for Open Source software. Microsoft don't want to do it, so it is incredible that HP can make it happen for software they don't even have the source for.

There is _no_ system that implements this at the desktop level at the moment. selinux only covers administrative tasks, and does not protect one program/file from another.

There is a lot of talk about making dbus the default security mechanism for programs for mozilla and gnome, but it hasn't changed much yet.
The easiest way is still to make a new user for every file you open. With a little script it is very easy to create a new user, copy the file, and open it as that user in Linux. It practically gives you the same as this method.

@ Incredible
by Richard Moore on Fri 10th Jun 2005 16:00 UTC

> There is a lot of talk about making dbus the default
> security mechanism for programs for mozilla and gnome,
> but it hasn't changed much yet.

DBUS is a communications API not a security system.

Rich.

theory
by netpython on Fri 10th Jun 2005 16:03 UTC

In theory it sounds all promising. Often, ironically, with the introduction of such mechanisms additional attack vectors are introduced. E.g.: "2004-05-13 - Systrace Local Root on NetBSD
A bug in systrace_exit() on NetBSD-current can be exploited to get local root privileges. Update your kernel if you are running NetBSD-current." Or the infamous w3k /GS compiler switch, which should protect against stack smashing but de facto created an extra vector.

More Info...
by rheimbuch on Fri 10th Jun 2005 16:20 UTC

This software is actually called Polaris, and it's really quite cool. You can read up on it at http://www.hpl.hp.com.nyud.net:8090/personal/Alan_Karp/polaris.pdf

I believe that the project is associated with the work done on the E language at http://www.erights.org

BSM auditing for linux, bsd?
by tech_user on Fri 10th Jun 2005 16:20 UTC

Does anyone know if there is a (working) kernel/security event log mechanism for linux and *bsd that is like the solaris BSM?

openbsm isn't in a working state yet.

Searches only show old outdated linux modules.

No system weaknesses?
by ADAXL on Fri 10th Jun 2005 16:22 UTC

"Many virus attacks aren't really exploiting weaknesses in your operating system: they're simply tricking you into telling the OS to do things that it shouldn't do."

There are many ways virus writers exploit weaknesses in system design:

** Remember the attachments that Outlook would execute automatically? If that wasn't a system weakness, what is?

** Crummy software management that permits malware to install itself in a way that it becomes hard to dislodge. Write an OS where software cannot hide. No registry; a mandatory install log that allows the OS to remove any file that came with the install, no matter where it went; a strict system for programs that can launch at startup; etc.

** The OS should recognize how an executable entered the system and react accordingly. If the file came by a channel that is typical for malware (e-mail, IM), the OS should ask that extra question on install.

RE: No system weaknesses?
by jesse mcnelis on Fri 10th Jun 2005 16:52 UTC

"** The OS should recognize how an executable entered the system and react accordingly. If the file came by a channel that is typical for malware (e-mail, IM), the OS should ask that extra question on install."

Asking users "if they are sure" is silly.
You could pop up 100 "are you sure?" messages and still the user would just click through them all.

Protecting one's computer from 'virus' attack is rather simple. Run as a low privilege user and just don't run untrusted executables.

Windows xp
by a on Fri 10th Jun 2005 17:04 UTC

is there a simple method to know what executable files(.exe) have been downloaded in my pc after a day's work?
thanks

Re: No system weaknesses?
by Terrapin on Fri 10th Jun 2005 17:38 UTC

"There are many ways virus writers exploit weaknesses in system design: "

Yep. We keep this Windows box patched religiously and have Symantec AntiVirus Corporate Edition, and things still get through even without clicking on attachments in email and without visiting porn sites and such. One gets tired of constantly being under siege from malware.

Re: No system weaknesses?
by Terrapin on Fri 10th Jun 2005 20:14 UTC

"There are many ways virus writers exploit weaknesses in system design"

Yep. We keep this machine patched religiously and run Symantec AntiVirus, and malware still gets through. This is without clicking on any email attachments or visiting porn sites. One gets tired of being under siege from malware.

Yes, that's cool
by Ilyak on Fri 10th Jun 2005 20:55 UTC

Now research centers lag against even OSS software (which some people tend to call uninnovative and catching last).

That's just cool, they finally started researching things SELinux is doing for quite some time.
And, well, Java doing for like a DECADE. Check java security system, it's exactly about that!

Of course, I understand, innovation 'happens' only when brought on windows. What a mess! Windows morons.

Virus-safe computing?
by Russian Guy on Fri 10th Jun 2005 23:23 UTC

"The result: Standard programs, like Microsoft Word, are limited so that they can edit the document you have open and nothing else."

Did these guys hear about Word macro viruses? That type of viruses which only "edits" the document you have open and nothing else.

@Incredible
by jp on Sat 11th Jun 2005 06:54 UTC

> There is _no_ system that implements this at the desktop
> level at the moment. selinux only cover administrative task,
> and does not protect one program/file from another.

do you really understand selinux???? i doubt that.

-> a
by Anonymous on Sat 11th Jun 2005 09:51 UTC

>is there a simple method to know what executable files(.exe)
>have been downloaded in my pc after a day's work?

There are programs like Tripwire which'll alert you whenever there are changes to your machine's filesystems.

So they are implementing Niels Provos' idea of a firewall/control of what system calls a program can do? Been done for years and it's running on OpenBSD already.
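
A minimal sketch of the Tripwire-style change detection suggested in the reply to "a" above, added here as an illustration and not taken from Tripwire or from any commenter: it records a SHA-256 baseline of executables under a directory, then reports which ones were added, modified or removed. The extension list, the `write` helper and the file names in `demo()` are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumption: which extensions count as "executable" (not from the thread).
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat"}

def sha256_file(path, chunk=65536):
    """Hash in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each executable's path (relative to root) to its SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                full = os.path.join(dirpath, name)
                state[os.path.relpath(full, root)] = sha256_file(full)
    return state

def diff(baseline, current):
    """Compare snapshots; a replaced file is caught even if its name is unchanged."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
    }

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample tree: baseline, simulate a day's changes, diff."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "Program Files/app/setup.exe", b"v1")
        write(root, "Documents/notes.txt", b"text")
        baseline = snapshot(root)
        write(root, "Downloads/FREE_GAME.EXE", b"new")     # new executable
        write(root, "Program Files/app/setup.exe", b"v2")  # replaced in place
        write(root, "Documents/todo.txt", b"ignored")      # not an executable
        return diff(baseline, snapshot(root))
```

In practice the baseline has to be stored where the monitored machine cannot rewrite it (read-only or offline media), otherwise malware can update it along with the files.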

What's new?
by Haugland on Mon 13th Jun 2005 13:46 UTC

Protection systems like this have been around for a long time. The first example I know of is "TRON" from 1995 (http://www.selberg.org/~speed/papers/tron/tron/tron.html).

The problem is not the protection mechanisms, but how to make them easy to administer for the admins and users. If the users have to struggle to make things work, they will rather suffer from the occasional virus.

What is needed is a system, on the OS level, which can manage installation of programs, and the assignment of privileges/capabilities to these programs. When the protection mechanisms are easy to use they will be widespread.

Re:Word macro viruses
by Haugland on Mon 13th Jun 2005 13:52 UTC

> Did these guys hear about Word macro viruses? That type of viruses which only "edits" the document you have open and nothing else.

Hence the term "Principle of Least Authority". Would you rather have your Word documents "edited" or the whole user home/harddrive? Your Word documents would qualify for the "least authority" criteria. Your Word program wouldn't really be that usable if it could not edit Word files...