Thursday, March 23, 2023

Repost on why computer security is so hard

I see that a few dozen of you have clicked through to the old post I linked to yesterday (well done, you!). I'm reposting it here because it has held up so well. Remember, this post was written almost 15 years ago and the Android data disclosure problem shows that it is still current. It is also one of the very first posts to get the Best Post tag. It's interesting (and a little gratifying) to be able to dust off such an old post to illustrate current events.

Note that I had to update a link in the post due to Internet link rot.

======= Originally posted 7 September 2008 ==========

We're not as smart as we think we are

Ever wonder why bridges almost never fall down? They almost never do, and when it happens, it's big news.

Ever wonder why you have to update your computer every month because of security bugs? (and while Microsoft is the example here, this applies to every computer, every operating system, and every application).

The biggest problem is that software technology changes so quickly. If your code is still being used ten years later, that's a big win. If it's being used twenty years later, it's headlines. Yet there are modern-design bridges that are older than the United States.
This is the Iron Bridge, the world's first bridge made entirely from iron. When it was completed in 1781 it was one of the wonders of the world, and a triumph of the Industrial Revolution. Other than being made of iron, it is entirely unremarkable to people today. The basics are simple, even after a couple centuries:
  • Bolt the girders together.
  • Paint the iron to make sure it doesn't rust.
  • Check the bridge regularly, especially for rust.
Software isn't like that. You can change software so that it does other things, sometimes radically different things. While it starts out as a simple, say, text editor, by the time you're done adding new features, it's Disco-Roller-Fishing.

Back to bridges. You never hear the following said in discussions about bridges:
We'd like you to change your girder_connector_bolt() function to also spread Nutella on toast.
This is not only possible with software, but it happens all the time:
We'd like you to add IP network capability so that people can remotely manage the factory control system.
The problem is that we're not as smart as we think that we are. Adding the IP networking capability adds security risk, but nobody stops to think about those new risks. And then someone finds out that a single IP packet can crash the process control computer [this is the link that I had to update due to Internet link rot - Borepatch] that controls your industrial ovens, and all your cookies burn up.

Oops.

This happens all the time, because we like to turn our pretty solid factory process control system into a Web 2.0 Disco-Roller-Fishing portal. Think about this before you get all excited about online banking.

Any change you make to software may add a security bug. Even fixing a security bug can introduce another security bug.

Upgrading from a 32-bit CPU to a 64-bit CPU is, shall we say, a "target rich environment". Dave LeBlanc (one of the smartest coders I know) shows how. This one is pretty funny (in a really security geeky way) because you may introduce a security bug without changing the code - just recompiling it for 64-bit is enough to do the damage. One of your key security assumptions - which was perfectly valid on 32-bit - is no longer valid on 64-bit.
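To make the kind of assumption he is talking about concrete, here is an added example in C (my own construction, not code from this post or from LeBlanc's article): a hypothetical length check that was exact when size_t and unsigned int were both 32 bits, the same check with nothing changed but the width of size_t after a 64-bit recompile, and the corrected version beside it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed scenario: a record's payload length arrives as a size_t
 * (say from strlen() or a platform API) and is about to be copied into
 * a buffer of MAX_PAYLOAD bytes. */
#define MAX_PAYLOAD 4096u

/* Legacy check, written when size_t and unsigned int were both 32 bits.
 * Storing the length in an unsigned int lost nothing then, so the
 * comparison bounded every length that could exist. Returns 1 = accept. */
int legacy_length_ok(size_t len)
{
    unsigned int n = (unsigned int)len; /* lossless only if sizeof(size_t) == 4 */
    return n <= MAX_PAYLOAD;            /* 64-bit build: high 32 bits discarded */
}

/* Hardened check: compare in the width the length actually has. */
int fixed_length_ok(size_t len)
{
    return len <= MAX_PAYLOAD;
}

/* 1 when this build is one where recompiling alone widened size_t. */
int size_t_wider_than_uint(void)
{
    return sizeof(size_t) > sizeof(unsigned int);
}

/* 1 when, on this build, the legacy check accepts a length that the
 * hardened check rejects. A length just over 4 GiB truncates to 16 in
 * the legacy cast; on a 32-bit size_t it cannot even be represented. */
int recompile_changed_meaning(void)
{
    uint64_t big = (1ULL << 32) + 16;
    size_t len = (size_t)big; /* well-defined truncation to 16 on 32-bit */
    return legacy_length_ok(len) && !fixed_length_ok(len);
}

int main(void)
{
    printf("size_t is %zu bytes, unsigned int is %zu bytes\n",
           sizeof(size_t), sizeof(unsigned int));
    printf("legacy check bypassed on this build: %s\n",
           recompile_changed_meaning() ? "yes" : "no");
    return 0;
}
```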

Now let's run it in a virtualized environment. How's your security? (CliffsNotes answer: you don't know, and nobody else does, either)

Computer security is a really interesting field. Because of the rate of change in computer technology, it never lacks for something new. But I think that maybe we've lost, and that it's Game Over.

Iron Bridge? #2 son understands it; #1 son might be able to design it. And it wouldn't fall down, either.

Software? We can make everything safe except for Disco-Roller-Fishing.


3 comments:

Glen Filthie said...

Being able to code is only half the battle. An IP guy is only as good as his understanding of what it is the computer has to do. He has to be a skilled translator for the computer…but he must know how to build the bridge or smear Nutella on a piece of bread in order to get bulletproof software.

Do people actually eat Nutella…?🤢

blogger said...

Glen,

My kids loved it when they were young. And I understand that there's a cocktail made with Frangelico and Godiva liqueur for grown ups (not a fan of that).

- Borepatch

Richard said...

As of 1972, there was a Roman bridge carrying heavy trucks across the river in Sevilla. Not sure if it has been replaced now.