Security experts look to 'whitelisting' future

Munir Kotadia and Brett Winterford ZDNet Australia

Published: 28 May 2008 10:01 BST

...set up for user authentication, so a computer will only boot after the user enters a unique key stored on USB.

BitLocker is based on the TPM (Trusted Platform Module) standard developed by the Trusted Computing Group, an industry consortium. A TPM is a piece of silicon attached to the computer's motherboard that handles security functions such as password verification or digital certificate exchange. Being a piece of hardware rather than software, it is arguably less vulnerable to unauthorised misuse.

Further into the stack, Charney advocates that operating systems need to be bound with applications from a security perspective. Applications developed for a given operating system, he said, need to in some way be approved by the operating-system vendor as being safe for use.

"We need to bind operating systems and applications to that hardware so if it's tampered with, people know," said Charney. "We need to get applications signed, and make the signing process both more robust and harder to circumvent."

"We'll need a reputational platform," he asserted. "Software may be signed by someone you trust, someone you don't trust, or someone you don't know. When it's someone you don't know, how do you make a trust decision? We have to focus on all of those things."

Users, of course, would be rightfully concerned if Microsoft or other operating-system vendors pitched themselves as the sole judge of whether any given application was reputable and 'trustworthy'. For a competitive landscape, as past antitrust decisions have shown, it is essential that users retain a level of choice with regard to applications.

Charney said that whatever model is put in place, users should be part of the trust process, so long as the industry is giving those users "more information" on which to base their decisions.

Cisco's Stuart said the strategy Microsoft is pursuing is, in effect, whitelisting: perhaps just by a different name.

"If you have a high degree of confidence in the changes you were making, and you have hardware trust up to software, then you've got a high degree of confidence of everything that is installed," he said. "So you have got a certificate of authenticity, if you will.

"If a piece of malware comes along, clearly it is not going to have that authenticity, and so it's not whitelisted. [While this is] not called whitelisting, it is effectively doing the same thing. It's about behavioural analysis of software as it's running, in effect whitelisting applications and whitelisting operating systems, and that's the next generation [of defence]."

"We've got to do something," said AusCERT's Ingram. "It's going to be a much more difficult concept to implement but I think we can work with it."

"We're starting to understand what the problem is but that doesn't mean we have any easy fixes," he concluded. "Some of the speakers here [at AusCERT 2008] have said openly and honestly, 'We haven't got it right, we've got to change our way of thinking if we're going to get on top of this'."
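The binding Charney and Stuart describe, reduced to its decision logic, as an added example that is not code from the article or from Microsoft, Cisco or AusCERT: a signed application is first checked for authenticity, then its signer is looked up on a reputation list, giving the three cases Charney names (trusted, untrusted, unknown). The Go types, the use of Ed25519, the Policy lists and the sample image are all assumptions constructed for this example; an unsigned or tampered image is blocked outright, matching Stuart's point that malware without a "certificate of authenticity" is simply not whitelisted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Verdict string // whitelist decision for one application image
const (
	Allow  Verdict = "allow"  // valid signature from a signer the policy trusts
	Block  Verdict = "block"  // unsigned, tampered, or signed by a known-bad signer
	Prompt Verdict = "prompt" // valid signature from an unknown signer: ask the user
)

// SignedApp is a constructed stand-in for a signed application package.
type SignedApp struct {
	Image  []byte            // executable bytes
	Signer ed25519.PublicKey // key of whoever vouches for the image
	Sig    []byte            // Ed25519 signature over Image by Signer
}

// Policy is a constructed reputation list, keyed by the raw bytes of the signer's public key.
type Policy struct{ Trusted, Untrusted map[string]bool }

// Sign produces the signed package a vendor's signing service would ship.
func Sign(priv ed25519.PrivateKey, image []byte) SignedApp {
	return SignedApp{image, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, image)}
}

// Decide checks authenticity first, then maps the signer's reputation to a verdict.
func Decide(p Policy, app SignedApp) Verdict {
	// Unsigned or tampered software never gets whitelisted (length check avoids a Verify panic).
	if len(app.Signer) != ed25519.PublicKeySize || !ed25519.Verify(app.Signer, app.Image, app.Sig) {
		return Block
	}
	switch key := string(app.Signer); {
	case p.Untrusted[key]:
		return Block // signed by someone you know not to trust
	case p.Trusted[key]:
		return Allow
	default:
		return Prompt // signed by someone you don't know: the user decides, given more information
	}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	p := Policy{Trusted: map[string]bool{string(pub): true}}
	fmt.Println(Decide(p, Sign(priv, []byte("constructed app image"))), Decide(p, SignedApp{})) // allow block
}
```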

ZDNet.com.au's Liam Tung contributed to this report.

Credit: Is whitelisting the new blacklisting? from ZDNet Australia
