(Page 2 of 2)
Many of the vulnerabilities that the researchers used to test the system had been rated as serious or critical by Microsoft, Brumley says. While in two cases, Microsoft had already issued warnings for the exploits that the researchers generated, in several other cases, they created exploits that were previously unknown.
"If you just look at it naively, you are distributing a patch for the betterment of the system, closing security holes," says Dawn Song, an assistant professor at the University of California, Berkeley, who was also involved in the research. "But the point of the work is that, even in such situations, you also need to carefully consider the security ramifications."
As a result, the researchers call for new methods for distributing patches that could make them more secure. Brumley suggests taking steps to hide the changes that a patch is making to the software, releasing encrypted patches that can't be decrypted and activated until a large portion of users have downloaded them, or exploring peer-to-peer distribution methods that could allow patches to go out in a single wave rather than in stages. "I'd like to see researchers get together with vendors to find out what their requirements are to make new solutions work," he says.
Gkantsidis agrees that changes should be made to patch distribution, but he says that further research is needed to ensure that those changes don't introduce new problems. For example, he says, while peer-to-peer distribution has the potential to help distribute a patch quickly, it could also make it easier for attackers to figure out which systems remained vulnerable. He suggests combining the new approaches, such as by both encrypting patches and using peer-to-peer distribution.
However, Bruce Schneier, chief security technology officer at BT Counterpane, says that, while it's interesting that the researchers have demonstrated this capability, he doesn't see that it changes anything. People know that you can reverse-engineer an exploit from a patch, he says, and this research simply shows how easy the process can be. "I think you just have to live with the fact that when you release the patch, the exploit is known," he says. "That's just the way the world works." People can try to make reverse engineering harder, he says, but they can't stop it altogether.
Song hopes that the automated techniques she's developed to generate attacks can also help defenders. By improving the tools for automatically analyzing software code, Song hopes that it will eventually become possible to make programs more secure.
Tools that find serious bugs automatically could lead to safer, more stable software.
A new tool assumes that a PC is loaded with malware--and protects transactions anyway.
It seems that this technique only works for a subset of security holes. For example, a hole in Firefox might be easily exploited using this technique (via a website), but a hole in Acrobat (something that must be exploited locally) might not be so effectively exploited. So if my assertion is correct, then we really only need better patch distribution techniques for a certain subset of patches -- namely those that can be easily exploited remotely.
But then again, if you already have a new patch distribution technique, why not distribute all patches that way, right? Eh, whatever.
As many households have more than one computer on their network these days (not to mention businesses, colleges, government entities, etc) why not develop a means to automatically share OS patches amongst computers on the same net? If one of my computers is set to download a patch from MS, why must the others also reach out and touch the server for the same patch? Why not just talk to its neighbor and download it from there? Better yet, the computer that just got the patch could send out a "Do you have this yet" probe and if a computer replies with a negative, it will automatically get sent the patch. Would probably lesson the stress put on the distribution servers and also clear up some congestion on the net during heavy patch releases (SP3 for instance).
Alternately, you could close the gap between patch availability and installation by signaling critical subsystems to disable affected functionality until the patch is applied. Of course, you would have to decide which is worse, the medicine or the disease. But for critical flaws in ancillary services, it might well be worth it. This sort of disable-until-patched feature could even be a check-box option when you install the package, so the end-user can make the call.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
zig158
64 Comments
"Song hopes that it will eventually become possible to make programs more secure."
It is already possible, it's called open source.
Reply
Erica Naone
70 Comments
Re:
I think the key here is the start of the sentence: "By improving the tools for automatically analyzing software code." Song has an interesting project called BitBlaze (http://bitblaze.cs.berkeley.edu/), which is a binary analysis platform that forms the basis for this and other research.
Reply