[Coldstuff] Secure Client/Server ideas?
xmath
coldstuff@cold.org
Tue, 15 Jan 2002 17:09:22 +0100
>But, I'd like that to be somewhat secure. I therefore try to think
>of concepts about how to run code on an untrusted machine.
You can't trust an untrusted machine. Whatever you think you can
invent, it'll be crackable. Some people try, with copy-protection
schemes etc, but it's trivial to prove that it *can* be cracked,
therefore it will be if someone with sufficient skill has enough to
benefit from it.
The only solution is to make sure the code that runs on the untrusted
machine isn't trusted, and that the user doesn't benefit from
meddling with it.
For example, if it is some kind of UI or allows the user to "do"
things, make sure the server simply doesn't accept anything that
isn't allowed.
In general, the security of a system should never depend on the
secrecy of its inner workings, and remember that anything that's on
the user's HD or runs on the user's computer, *IS* in the hands of the
user. This is only not the case if:
1. the software is protected by a secure operating system
2. the OS + software runs on secure hardware
3. the hardware is made tamper-proof, for example by putting it in a
building with a camera aimed at the hardware, watched by a security
guard
I assume this isn't the case, therefore you cannot trust *anything*
that comes from the user's computer or any code that runs on the
user's computer. Unless tampering with the system cannot give any
benefit to the user. (Make an analysis: who would want to mess with
your system? what is their goal?)
- xmath
PS I'm currently reading "Secrets & Lies: Digital Security in a
Networked World" by Bruce Schneier... good book :-)
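The "server simply doesn't accept anything that isn't allowed" rule from the post, as an added example that is not part of xmath's message or of any cold.org code. It assumes a hypothetical JSON line protocol for a tiny text adventure (the room map, item lists, and the `move`/`take`/`look` actions are all constructed for the example): the server keeps the authoritative state, whitelists actions, and checks every argument against its own world data rather than against anything the client claims about itself.

```python
"""Authoritative server-side validation of client requests (constructed example).

The client is untrusted and may send any bytes at all. The server only applies
an action when its *own* state says the action is legal, and never reads the
player's position, inventory or stats from the client message.
"""
import json
from dataclasses import dataclass, field

# Hypothetical world map owned by the server: room -> rooms reachable from it.
WORLD = {
    "lobby": {"hall"},
    "hall": {"lobby", "vault"},
    "vault": {"hall"},
}
# Items the server knows to lie in each room (constructed data).
ROOM_ITEMS = {"hall": {"key"}, "vault": {"gold"}}
# Items a player must already hold to enter a room.
ROOM_REQUIREMENTS = {"vault": {"key"}}
# Whitelist: anything not listed here is refused, whatever the client calls it.
ALLOWED_ACTIONS = {"move", "take", "look"}


@dataclass
class Player:
    room: str = "lobby"
    inventory: set = field(default_factory=set)


@dataclass
class Server:
    players: dict = field(default_factory=dict)
    # Copy the item sets so each Server instance has its own mutable world.
    room_items: dict = field(
        default_factory=lambda: {r: set(i) for r, i in ROOM_ITEMS.items()}
    )

    def handle(self, player_id: str, raw: bytes) -> dict:
        """Parse one client message and apply it only if the server's rules
        allow it. Player state is mutated only on the success paths."""
        player = self.players.setdefault(player_id, Player())
        # 1. Parse defensively: the client may send garbage or non-objects.
        try:
            msg = json.loads(raw.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return {"ok": False, "error": "malformed message"}
        if not isinstance(msg, dict):
            return {"ok": False, "error": "malformed message"}
        # 2. Whitelist the action; "set_hp", "teleport" etc. never get a handler.
        action = msg.get("action")
        if action not in ALLOWED_ACTIONS:
            return {"ok": False, "error": "unknown action"}
        # 3. Validate arguments against server state, never against client claims.
        if action == "look":
            items = sorted(self.room_items.get(player.room, ()))
            return {"ok": True, "room": player.room, "items": items}
        target = msg.get("target")
        if not isinstance(target, str):
            return {"ok": False, "error": "missing target"}
        if action == "move":
            if target not in WORLD.get(player.room, set()):
                return {"ok": False, "error": "not reachable from here"}
            missing = ROOM_REQUIREMENTS.get(target, set()) - player.inventory
            if missing:
                return {"ok": False, "error": "locked"}
            player.room = target
            return {"ok": True, "room": player.room}
        # action == "take"
        here = self.room_items.get(player.room, set())
        if target not in here:
            return {"ok": False, "error": "no such item here"}
        here.remove(target)
        player.inventory.add(target)
        return {"ok": True, "inventory": sorted(player.inventory)}


def demo() -> list:
    """Replay a constructed session from a modified client that tries to skip
    rooms, invent actions and grab items it cannot reach; returns the replies."""
    srv = Server()
    script = [
        b'{"action": "move", "target": "vault"}',   # skip the hall: not reachable
        b'{"action": "set_hp", "value": 9999}',     # not whitelisted
        b'{"action": "take", "target": "gold"}',    # gold is not in the lobby
        b'{"action": "move", "target": "hall"}',    # legitimate move
        b'{"action": "move", "target": "vault"}',   # reachable, but no key yet
        b'{"action": "take", "target": "key"}',     # key really is in the hall
        b'{"action": "move", "target": "vault"}',   # now allowed by server state
        b'not json at all',                         # garbage from the client
    ]
    return [srv.handle("alice", m) for m in script]


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

The point of the whitelist plus state check is that a modified client gains nothing by editing its local copy of the rules: the only things it can influence are which of the permitted actions it asks for, and each of those is re-validated against the server's world before it takes effect.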