EuroOSCON - Remembering the End User
Defending Against Users
Alan Cox, Red Hat Fellow, said that the biggest risk to a company's computer security is the employee using the system. They operate inside of your system and they need access in order to do their jobs. They work for you and mean well. In short, the challenge ahead of us in computer security is to stop well-meaning people from doing things they shouldn't do.
One approach is to think about modularity. It helps to separate code that does different things. It is difficult to write a set of rules that says, for example, what Firefox does. But what if you could split the code into more easily definable pieces? One piece might load a JPEG but it has no business talking to the file system. An HTML file might talk to the network but it doesn't talk to password files. This enables you to build defenses against components that are trying to gain access to parts of the system that they shouldn't.
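The split described above, as an added example that is not from Cox's talk or the original article: the piece that inspects image bytes runs in a child process that has given up the ability to open new files, so it can only read its input pipe and write its result pipe. It uses the POSIX RLIMIT_NOFILE limit as one simple way to do this; decode_sandboxed, looks_like_jpeg, struct result and the sample bytes are hypothetical names and constructed data.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

struct result { int is_jpeg; int open_errno; };
/* Hypothetical stand-in for a real decoder: checks only the JPEG SOI marker. */
static int looks_like_jpeg(const uint8_t *b, ssize_t n) {
    return n >= 3 && b[0] == 0xFF && b[1] == 0xD8 && b[2] == 0xFF;
}

/* Inspect img (at most 4096 bytes) in a child that cannot open new descriptors;
 * probe_path is opened by the child to show the denial. Returns 0 or -1. */
int decode_sandboxed(const uint8_t *img, size_t len, const char *probe_path,
                     struct result *out) {
    int in[2], res[2], status;
    if (len > 4096 || pipe(in) || pipe(res)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: the untrusted component */
        struct rlimit none = {0, 0};
        uint8_t buf[4096];
        struct result r = {0, 0};
        close(in[1]); close(res[0]);
        /* From here open()/socket()/pipe() fail; in[0] and res[1] still work.
         * A process holding CAP_SYS_RESOURCE could raise the limit again. */
        if (setrlimit(RLIMIT_NOFILE, &none)) _exit(2);
        r.is_jpeg = looks_like_jpeg(buf, read(in[0], buf, sizeof buf));
        r.open_errno = open(probe_path, O_RDONLY) < 0 ? errno : 0;
        _exit(write(res[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 3);
    }
    close(in[0]); close(res[1]);
    ssize_t sent = write(in[1], img, len);
    close(in[1]);                         /* EOF so the child's read returns */
    ssize_t got = read(res[0], out, sizeof *out);
    close(res[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return sent == (ssize_t)len && got == (ssize_t)sizeof *out &&
           WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) {
    const uint8_t img[] = {0xFF, 0xD8, 0xFF, 0xE0};   /* constructed sample */
    struct result r;
    if (decode_sandboxed(img, sizeof img, "/dev/null", &r)) return 1;
    return printf("jpeg=%d open errno=%d\n", r.is_jpeg, r.open_errno) < 0;
}
```

The parent keeps its own file and network access; only the child that touches untrusted bytes is confined, and it reports back through a fixed-size struct rather than anything the parent has to parse.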
Another possible approach is based on lessons learned from the virus world and the real world. If we randomize the way in which memory is laid out or the way in which a machine behaves, it will be harder to exploit. The reason is that every time you run a program, things will be subtly different. The downside of this, of course, is that it makes debugging more challenging. This can lead to the world of writing once, debugging everywhere.
Do we actually need to defend against users? Cox reminds us that human policy quickly gets forgotten and users don't understand the implications. You can tell someone not to open attachments, and for a while they will comply. But after a while they will get an email with some innocent-looking screensaver and they will open it and potentially infect your entire office. Cox suggests that it would work better to teach the computer to enforce the security policy. In this way, the virus or trojan becomes a call to the help desk. The user might call and say, "I've downloaded this screensaver and it doesn't work." After considering the pros and cons of trusted computing, Cox concluded that what we need is variations between systems, firewalls that operate by default, and "always on" default protection.
Explaining Open Source to Users
Sun's chief open source officer, Simon Phipps, quickly differentiated between the needs of developers and the needs of end users in his keynote address. His view of open source software was built around what he called "The overlooked corner, the forgotten freedom, and the hidden menace."
For Phipps, open source software is built on a source code commons. After an initial contribution, use of the source is controlled by the license. He thinks that much of the discussion of open source begins and ends with the license. He said that much of his current effort is spent reducing the number of licenses being used by Sun. Equally relevant, in his opinion, is the motivational model used to encourage a diverse developer community with a range of motivations to create work on top of the commons. According to Phipps, the "overlooked corner" is the governance of the community. The governance regulates contributions back into the commons, and bad governance, he argues, is "the primary vector for disease."
To illustrate the issues surrounding freedom, Phipps separated open source development from open source deployment, saying that neither is the domain of hackers anymore, and he noted that "whatever sets one person free might enslave another." He showed a picture of scuba divers and said that they are free to swim wherever they want to. They are, however, restricted by the need to be near replacement oxygen tanks, and the tanks should have an interface compatible with their gear. He used this to argue that standards are important to end users because they enable substitutability. He said that freedom for developers is in the code; for end users, it's found in replaceable choices. He concluded that "freedom for all is a product of open formats and open source software."
One of the big challenges to freely available technology is software patents. Phipps contends that we cannot convince corporations not to pursue this "hidden menace," but that we can combine multiple strategies to defend against them. He recommended the mandatory application of both compulsory licensing, where there is a blanket grant of patents restricted to licensed code, together with non-assert covenants, where there is an agreement not to assert rights against a cooperating community.
Daniel H. Steinberg is the editor for the new series of Mac Developer titles for the Pragmatic Programmers. He writes feature articles for Apple's ADC web site and is a regular contributor to Mac Devcenter. He has presented at Apple's Worldwide Developer Conference, MacWorld, MacHack and other Mac developer conferences.