Re: impossibility of computer security?

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Mon Sep 16 2002 - 22:02:50 MDT


On Monday, September 16, 2002, at 08:23 pm, Wei Dai wrote:

> I wonder if anyone is as disturbed as I am with the recent news of
> remote
> exploitable holes in OpenSSH and OpenSSL that allow attackers to run
> arbitrary code. When open-source software whose only purpose is to
> improve
> computer security actually make it worse, I have to wonder if
> security is
> possible at all. Has anyone thought about what causes this seeming
> inability of human beings to write secure software, and what its
> implications are for the future?

I think about it a lot. You can't prove a negative. It's hard to
take software and prove that somebody can't think up some new
technique to thwart it. Most direct attacks are easily blocked and
provable. It is the innovative new ways that humans keep thinking up
that make an end-run around the best of designs.

Take SSL, for instance. Even in the face of good encryption and
non-informative error messages, someone figures out a way to brute
force it to detect usernames. How? They notices that real usernames
and passwords took time to calculate the password to see that it was
wrong. Nonexistant usernames were dismissed much more easily and
responded much faster with non-admittance. No information was cracked
through the encryption. No information leaked through the error
message. The information was in the timing of the response, which
nobody had thought to look at before. Now that we know, it is trivial
to block this. (This is not the same flaw you just references, but I
think it is a fascinating example of how "thinking outside the box"
goes around basic security systems.)

The other problem is that technology is not static. Once we figure
out a problem, it is easy to fix and test. But in today's ever
changing world of new features and new devices, we are facing new
questions all the time. I am not sure that it is accurate to say that
we will never be able to write secure software. It is more accurate
to say that we can't keep up writing security features in new software
that comes out every month. Before we get it totally secure, it
changes and the new version comes out. Maybe we can write secure
software, but we can't write it fast enough. Or we can't write secure
software as fast as other people can write insecure software, so the
avalanche keeps coming.

This is a wonderful question that I spend a lot of time thinking
about. The future of technology and transhumanism depends on the
answer to this question. Like most complicated questions, it probably
will be an ongoing process forever. I doubt any magic technology will
settle this once and for all. Not even NanoSanta, Singularity-Santa,
or any other Santas.

--
Harvey Newstrom, CISSP	<www.HarveyNewstrom.com>
Principal Security Consultant	<www.Newstaff.com>


This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:17:06 MST