10.9 Conclusions


10.9    Conclusions

In this chapter, we focused on client-side security in general, and the security implications and risks of executable (or active) content in particular. Fortunately, although the cost of malicious code has been estimated in the billions of dollars, the attacks that have occurred are much less serious than what has been (and is) possible. In fact, a variety of hostile and malicious Java applets and ActiveX controls have been demonstrated, but only a few serious attacks have actually occurred. [24] This will probably change as knowledge on programming executable or active content becomes more common and widespread.

Most incidents that have occurred in practice have launched DoS attacks. Note that any programming or scripting language or environment that allows system-wide resources to be allocated, and then places no limitations on the allocation of these resources, is subject to these types of attacks. But the languages addressed in this chapter seem to be especially suitable for DoS attacks, apparently because their authors have not considered these attacks to be serious threats, and because it is very difficult (if not impossible ) to protect against them. There is a programming language for mobile code (i.e., Telescript) that controls the use of systemwide resources by giving each process a limited supply of funds (so-called teleclicks), and requiring a process to expend a certain quantity of teleclicks in order to accomplish specific results, such as spawning new copies of itself. This approach can at least be used to protect against certain DoS attacks. It is conceptually similar to the use of a micropayment system (i.e., teleclicks represent the currency). However, the languages addressed in this chapter do not make use of this (or a similar) concept. In fact, code segments written in these languages can easily clog large amounts of system resources, and there are only a few possibilities for a user who is under attack to regain control of his or her system. To make things worse , there is nothing even resembling process control within most Web browser environments. The only way to interrupt a running piece of code is generally to kill and shut down the browser.

In summary, client-side security is unsatisfactory and the design, implementation, deployment, and use of security technologies that can be used to better protect against malicious executable or active content must be left for further study. Unfortunately, the problem is hard and it is possible and very likely that appropriate solutions will not be found anytime soon. In the meantime, users who care about security are well advised to disable executable or active content in their browsers (if possible and appropriate).

[24] http://www.finjan.com




Security Technologies for the World Wide Web
Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
EAN: 2147483647
Year: 2003
Pages: 142
Authors: Rolf Oppliger

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net