POV-Ray: Newsgroups: povray.off-topic: Random fact of the day: Re: Random fact of the day

POV-Ray : Newsgroups : povray.off-topic : Random fact of the day : Re: Random fact of the day		Server Time 30 Jul 2024 00:27:47 EDT (-0400)

From: clipka
Date: 6 Jun 2011 18:13:59
Message: <4ded5127@news.povray.org>

Am 06.06.2011 22:15, schrieb Darren New:
> On 6/6/2011 12:51, clipka wrote:
>> ... and still, even /those/ seem to keep dropping their pants if
>> addressed
>> in the right manner.
>
> Usually through the use of a hardware hack, tho.
>
> The Sony hack required him to actually wire up the motherboard with
> switch shorting out traces. The XBox hack was, IIRC, not so much a flaw
> in the security of the system, but a broken game that let you run code
> from a saved game (via buffer overflow or some such).
>
> That's exactly why you need to do something like formal logical checks
> that your code does the right thing at the lowest levels, then make
> everyone conform to that.

Ah yes - a formal proof... pretty useful if your intention is to make 
sure a security-critical system never fails due to unforeseen errors.

As for making sure that a system is secure against /malicious intent/, I 
believe it's pretty useless.

Just have a look at smart cards: For a given smart card design, you may 
formally prove that there is no input sequence that makes the card 
disclose even a single bit of its secret key...

... on its /official/ interface, i.e. the I2C bus data lines. But such a 
formal analysis typically forgets a few other channels on which the 
device is leaking information. For instance, an analysis may forget 
about the timing of the data output, which might give hints about what's 
going on inside. Or the power the chip consumes at any given time.

Say you will - I think a formal analysis can never foresee /all/ 
possible attack vectors a system might exhibit.

Post a reply to this message