Armenian Knowledge Base  

Go Back   Armenian Knowledge Base > Technical sections > Languages, Compilers, Interpreters
Register

Reply
 
LinkBack Thread Tools
Old 30.03.2004, 14:37   #1
Академик
 
greka's Avatar
 
Join Date: 09 2001
Location: inside myself
Posts: 5,369
Downloads: 0
Uploads: 0
Reputation: 18 | 5
Default The most secure way

... to communicate within bounds of a single computer?

as a base let's use "MS Windows 2000".

* Pipes ?
* Mailslots ?
* Shared memory ?

* ... <your variant here>


Security descriptors may be applied to all stated ways (correct me if I'm wrong).

Are they solving the issue of secure access to that communication place ?

========================================
for example: Mailslot - may be found out by anybody, and anybody may write trash into them => DOS, etc.
workaround?
__________________
И повешенные могут качаться в неположенную сторону. /С.Е.Лец/
Reply With Quote
Old 31.03.2004, 17:52   #2
Бакалавр
 
Join Date: 03 2002
Location: Detroit, MI, USA
Posts: 482
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Default

Quote:
Originally Posted by greka
========================================
for example: Mailslot - may be found out by anybody, and anybody may write trash into them => DOS, etc.
workaround?
Well, DOS and similar attacks are not an issue if the format of messages is simple and does not require extensive processing.
Alternative approach is to bake security in messages. Here is an example:

Imagine if message transmitter and receiver share a secret (a key). Transmitter signs messages or encrypts, using some sort of encryption/signature generation algorithm.
Receiver decrypts or checks digital signature and quickly makes a decision if the message was sent from who transmitter claims to be, or not.
One more thing to remember is protection from replay attacks. Aforementioned example is vulnerable to such attacks, since potential hacker can capture one of valid messages, sent from transmitter to reciever, and retransmit it many times. Message identificator (which is different for each and every message) is typically used for replay attack prevention.

Summary:

The only way to prevent DOS, replay and other similar attacks is to implement quick authentication algorithm that will ensure authentity and nonrepudiation.

Cheers,
Hovik

P.S. You forgot to mention sockets in your list of communication measures. Not the best one, but still a solution, isn't it?
__________________
Hovhannes Tumanyan,
CISSP
Reply With Quote
Old 31.03.2004, 19:33   #3
Академик
 
greka's Avatar
 
Join Date: 09 2001
Location: inside myself
Posts: 5,369
Downloads: 0
Uploads: 0
Reputation: 18 | 5
Default

thanks for the detailed reply, colleague
It seems that I meslead you by a quiestion I've asked..

If user already authentificated (or if login-like authentification wasn't used at all) the only way to utilise security without inventing the bicycle is to use nested (i.e. OS's) security.

I would like to draw your attention to my question (btw you'll understand why I didn't included sockets):

interpocess communication within a single host.

For example if I want to give access to the locally (to that host) users only is the use of security descriptors assigning (say, while CreateMailslot(...) ) enough?

I never work with security issues on mailslots, etc. - that's why I'm asking (and offering some (may be stupid) ways to "hack" them):

HANDLE CreateMailslot(
LPCTSTR lpName, // pointer to string for mailslot name
DWORD nMaxMessageSize, // maximum message size
DWORD lReadTimeout, // milliseconds before read time-out
LPSECURITY_ATTRIBUTES lpSecurityAttributes
// pointer to security structure
);

What protection gives "LPSECURITY_ATTRIBUTES lpSecurityAttributes" from the one who dumps tonns of trush to that mailslot?

Or may be it's more appliable

typedef struct _ACL { // acl
BYTE AclRevision;
BYTE Sbz1;
WORD AclSize;
WORD AceCount;
WORD Sbz2;
} ACL;

structure ?

I need to know ways to protect a software (while it's running) even from authentificated user too - I'm leaving ways of authentification beyond the scopes!

Lets assume that I've few ways to determine is a currently logged user "trusted or not" - for now I want to know: how to securely communicate between 2 processes.
Reply With Quote
Old 01.04.2004, 15:05   #4
Академик
 
greka's Avatar
 
Join Date: 09 2001
Location: inside myself
Posts: 5,369
Downloads: 0
Uploads: 0
Reputation: 18 | 5
Default

there is an important assumption we should remember:
1) logged user does not have administrator's privileges
Reply With Quote
Sponsored Links
Reply

Thread Tools


На правах рекламы:
реклама

All times are GMT. The time now is 17:28.


Powered by vBulletin® Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.