secure data export

secure data export

Elazar Leibovich elazarl at gmail.com
Sun Jun 26 15:32:58 IDT 2011


On Sun, Jun 26, 2011 at 10:24 AM, Oleg Goldshmidt <pub at goldshmidt.org>wrote:

>
> It's a tough problem. It is a lot more difficult than AV since you
> want to prevent essentially arbitrary data from leaking, not just data
> that may damage another machine.


I don't think preventing data leak is a problem here, or generally speaking.
The problem is, you can't verify from the first place what you do and what
you don't want to send.

For instance, if we assume that there's a certain trusted computer, where he
composes arbitrary files marked as "safe", it is trivial to send those files
without extra information. Let the trusted computer sign this file, and
you're safe. No one can inject any other information as long as you've
verified the signature. The only problem is, verifying the signature (or
actually conducting any other computation securely) in a hostile
environment, for which there are solution.

The problem here is, no one knows what's safe to send and what's secret.
(Either that, or ALL computers are hostile). So the adversary is giving you
a file with some information visible and some hidden, and you need to change
it so that only the visible information remains. Now this is tough. The
adversary can take advantage of any non-deterministic data structure in the
file he gives. Heck, he can change the order of the inodes in a certain
directory (at least in some file systems).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110626/1d3bc2b7/attachment.html>


More information about the Linux-il mailing list