Re: GUI, hold the widgets

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Wed May 05 2004 - 16:59:14 CDT

On May 5, 2004, at 4:46 PM, David Mertz wrote:

> I should note that Fred McLain has made the argument that
> the GUI ballot application should eschew the use of widget
> libraries ...

Read my Georgia Tech paper from 2002.

     http://www.cs.uiowa.edu/~jones/voting/atlanta/
     Trustworthy Systems on Untrusted Machines

In it, I explore ways to defend against attack from the GUI,
from the interpreter, and from several other parts of an
untrusted host system.

In sum, you have to write your application using a considerable
range of defenses. The smaller the system is against which you
are defending yourself, the easier it is.

The presence of antivirus tools in the host system means,
for example, that the host system includes tools that try
to identify a set of applications (the viruses) against which
the system will take adversarial action. The presence of any
tools that recognize some subset of the applications and
attempt to interfere with the correct execution of those
applications is a direct threat!

Imagine getting a job at Norton, for example, and folding
into their antivirus package a bit of code to recognize
some voting application and, when it encounters it, install
some patch. It is thus safe to argue that the presence
of antivirus tools on a system poses a security threat.

                Doug Jones
                jones@cs.uiowa.edu
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon May 31 23:17:18 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:15 CDT