[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

desktop security questions



Hi,
	So, I was just looking over George Lebl's desktop security paper for
GUADEC[1] and I realised that when talking about desktop security we
make a lot of assumptions about what we mean by security.

	Given that designing secure applications/systems is all about trade
offs between the risks to the application and the cost of the possible
countermeasures, you need some sort of basic framework for making those
tradeoffs.

	Here's the kind of thing I'm thinking of:

      * What can go wrong/what are we trying to prevent/risks? 
              * Loss of data
              * Disclosure of private data/loss of privacy
              * Denial of service
              * Interruption of work/reduced productivity
              * ...
        
      * What may cause the above to come about/threats? 
              * Escalation of privileges to an attacker
              * Execution of arbitrary commands specified by an attacker
              * Ability for an attacker to force the program into
                monopolising system resources (cpu, memory, file
                descriptors, ports, hard disk space)
              * Ability for an attacker to cause a program to abort in
                an unrecoverable way
              * Ability for an attacker to snoop a user's actions
              * ...
        
      * What are our assumptions? 
              * The attacker can not have root access (i.e. any
                countermeasures to this threat would be futile)
              * Our user is not technical and does not need to
                understand the threats to the system (although they do
                implicitly understand the risks)
              * (Deployment environment assumptions)
              * ...
        
      * What are our goals? 
              * Provide a system whereby the user can easily and safely
                get their work done
              * Ensure the privacy and integrity of a user's data
              * ...


	Any thoughts? Useful or not? Feel free to expand[2] the "..." bits.

Cheers,
Mark.

[1] - See http://2004.guadec.org/schedule/profiles.html

[2] - Red Hat people edit the SecureDesktopQuestions wiki page, everyone
      else just reply to the list (yes, that sucks and, yes, we'd really
      like to have an external wiki)



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]