In the news today:
“Governments, IOC and UN hit by massive cyber attack” (BBC)
How did the attack work? In a mind-numbingly ordinary way:
“An email would be sent to an individual with the right level of access within the system; attached to the message was a piece of malware which would then execute and open a channel to a remote website giving them access…they sometimes embedded themselves in the network and [tried to] spread across different systems within an organisation.”
- A person with broad authority ran a bit of code.
- The code, operating with this broad authority, wreaked havoc.
- Why did the code inherit the person’s authority?
- Is there a good reason for allowing this?
- In the current model of computation, is it easy and natural to grant limited authority to individual computational objects?
- What alternative model of computation (not an added security layer!) makes it natural to grant limited authority? What is it called? (Links, please.)
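The contrast the bullets above draw, between code that inherits everything its user can do and code that is handed only the authority it needs, can be shown in a few dozen lines. The following is an added example, not code from the post or from any project it alludes to; it sketches one such alternative model in the object-capability style (my label, not the post's), with a constructed temporary "home directory" holding a secret and a downloaded attachment. `viewer_ambient`, `viewer_capability`, `DirectoryReader` and `ReadOnlyFile` are hypothetical names chosen for the illustration.

```python
"""Ambient authority versus explicitly granted (capability-style) authority.

Hypothetical demonstration: a "viewer" routine is asked to render an
attachment. In today's model it runs with everything the user can do; in
the capability model it receives only an unforgeable reference to one file.
"""
import os
import tempfile


class ReadOnlyFile:
    """An unforgeable reference to one file that permits only reading it.
    Holding this object *is* the authority; the holder is given no way to
    name any other file."""

    def __init__(self, path: str):
        self._path = path

    def read(self) -> str:
        with open(self._path, "r", encoding="utf-8") as f:
            return f.read()


class DirectoryReader:
    """Authority over one directory tree. It can mint narrower ReadOnlyFile
    capabilities for entries inside that tree, and refuses anything outside."""

    def __init__(self, root: str):
        self._root = os.path.realpath(root)

    def open_read(self, name: str) -> ReadOnlyFile:
        full = os.path.realpath(os.path.join(self._root, name))
        # Attenuation: a capability can only be narrowed, never widened.
        if os.path.commonpath([full, self._root]) != self._root:
            raise PermissionError(f"{name!r} is outside the granted directory")
        return ReadOnlyFile(full)


def viewer_ambient(attachment_path: str) -> dict:
    """A buggy or compromised viewer written in the current model: it inherits
    the whole process's authority, so nothing stops it reaching unrelated
    files the user happens to be able to read."""
    home = os.path.dirname(os.path.dirname(attachment_path))
    with open(attachment_path, encoding="utf-8") as f:
        result = {"attachment": f.read()}
    # The same ambient authority reaches the user's secret just as easily.
    with open(os.path.join(home, "secret.txt"), encoding="utf-8") as f:
        result["secret"] = f.read()
    return result


def viewer_capability(attachment: ReadOnlyFile) -> dict:
    """The same viewer in the capability model: it receives exactly one
    reference and has no means to name, let alone open, anything else."""
    return {"attachment": attachment.read()}


def demo() -> dict:
    """Constructed scenario: a home dir containing secret.txt and a downloads
    dir containing the attachment. Returns what each viewer could reach."""
    with tempfile.TemporaryDirectory() as home:
        downloads = os.path.join(home, "downloads")
        os.mkdir(downloads)
        with open(os.path.join(home, "secret.txt"), "w", encoding="utf-8") as f:
            f.write("TOP-SECRET")
        att = os.path.join(downloads, "invoice.txt")
        with open(att, "w", encoding="utf-8") as f:
            f.write("invoice body")

        ambient = viewer_ambient(att)

        downloads_cap = DirectoryReader(downloads)
        capability = viewer_capability(downloads_cap.open_read("invoice.txt"))

        # Even the broader downloads capability cannot be bent toward the
        # secret: the relative path escapes the granted tree and is refused.
        try:
            downloads_cap.open_read("../secret.txt")
            escaped = True
        except PermissionError:
            escaped = False

        return {
            "ambient_saw_secret": ambient["secret"] == "TOP-SECRET",
            "capability_saw_attachment": capability["attachment"] == "invoice body",
            "capability_escaped": escaped,
        }


if __name__ == "__main__":
    print(demo())
```

The point of the example is that no "security layer" is bolted on: the only thing that changed is how authority is passed, as an argument the caller chooses rather than as an ambient property of the process, so the question "why did the code inherit the person's authority?" simply does not arise for `viewer_capability`.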
Questions for thought and discussion:
- Why does the current computational model grant authority in this indiscriminate way? How does this lead to “sandboxing”?
- What would be the main costs and benefits of moving computation toward the alternative model? How would this model play with the existing software base?
- What are the leading implementations of this model today, at the language and operating system levels? In your opinion, should they be promoted more vigorously?