  Computer Security  
From: Darren New
Date: 15 Feb 2011 13:40:20
Message: <4d5ac894$1@news.povray.org>
An interesting thought: The top three types of computer security failings 
all come from having violated an abstract Harvard architecture abstraction 
implemented on top of a Von Neumann machine.  That is, buffer overrun, 
cross-site scripting, and SQL injection all happen on systems where the 
underlying implementation language treats code and data as if they're in 
separate address spaces and yet allows that abstraction to be broken in 
order to execute data as code. The work-arounds for all these problems 
consist of ensuring one does not break the Harvard abstraction's implementation.

For example, consider how much safer SQL would be if it was configured to 
only run prepared statements invoking stored procedures. And I daresay that 
buffer overruns were much less damaging in the days when the code was 
addressed via the code segment and the stack was addressed via the stack 
segment. (Not entirely safe from buffer overruns, mind, but much safer.)

The whole thing of DEP and base address randomization is a lame attempt to 
enforce the Harvard architecture to a greater degree without having to fix 
the unsafe languages.

-- 
Darren New, San Diego CA, USA (PST)
  "How did he die?"   "He got shot in the hand."
     "That was fatal?"
          "He was holding a live grenade at the time."



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.