[Cryptography Team] re: Securing the VM and Image

Ron Teitelbaum Ron at USMedRec.com
Tue Aug 1 14:08:16 UTC 2006


Craig,

I would say that generally it is the responsibility of the developer (or
company) to ensure that what is in the image and what can be created by the
image is secure enough for the purpose that it is created.  Obviously no
company can protect itself from a government (especially ours) but a lot can
be done to protect the system from well defined threat scenarios.  Adding
cryptography to the system communications, and protecting the image so that
it performs only as the developer intends without change, plus using
standard tests to verify implementations of critical algorithms does make
things better.

I would think that the best possible way to make a secure image is to build
from the bottom up, with something like spoon, to add only the code that is
necessary.  To perform extensive automated code coverage tests.  To harden
the image and the VM to check code before it is executed against a release
certificate.  To add proper intrusion detection to disable the software if
tampering is detected and to encrypt everything stored to disk including the
image and the VM.  That along with securing the communications should make
the system good enough.  (Using the proper algorithms like suite B and
having observed NIST common criteria or having NIST certification of the
software also helps).

What really gets me is that I've been programming in Smalltalk for 10 years
now.  I've written programs for a 2 billion dollar company.  I know that
Sprint uses Smalltalk for switching, and there are some very large insurance
companies that use Smalltalk.  It just cannot be possible that Smalltalk is
only appropriate for corporate intranet applications and cannot be secured
for the internet.  Either I'm missing something or this is something that
this group can add to the value of the language.

Ron Teitelbaum

> From: Craig Latta
> Sent: Tuesday, August 01, 2006 12:17 AM
> 
> 
> Hi Ron--
> 
> > I would think that placing a certificate on the image file would be
> > good enough "IF" we could prevent changes to the object structure and
> > code in memory.
> 
>      Doesn't that go out the window the first time you allocate and/or
> do a GC?
> 
> 
> -C
> 
> --
> Craig Latta
> http://netjam.org/resume
> 
> 
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
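Ron's proposal that the VM check the image against a release certificate before executing it, and Craig's objection that memory changes the moment the VM allocates or runs a GC, as an added Go sketch (not code from this list or from Squeak; the Ed25519 release key, the image bytes and all function names are assumptions):

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed stand-in for an image file: a header followed by object-memory bytes.
var sampleImage = []byte("SQUEAK-IMAGE-v1\x00object-memory-snapshot-0001")

// releaseKeys models the developer's release key pair (assumed: made at build time).
func releaseKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage produces the detached release signature shipped beside the image file.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(priv, image)
}

// LoadImage is the VM-side check: refuse to run an image whose bytes do not verify.
func LoadImage(pub ed25519.PublicKey, image, sig []byte) ([]byte, error) {
	if !ed25519.Verify(pub, image, sig) {
		return nil, fmt.Errorf("image signature invalid: refusing to load")
	}
	return append([]byte(nil), image...), nil
}

// RuntimeStillCertified asks whether the file-level signature still covers live memory.
func RuntimeStillCertified(pub ed25519.PublicKey, mem, sig []byte) bool {
	return ed25519.Verify(pub, mem, sig)
}

func main() {
	pub, priv := releaseKeys()
	sig := SignImage(priv, sampleImage)
	mem, err := LoadImage(pub, sampleImage, sig)
	fmt.Println("pristine image loads:", err == nil)
	tampered := append([]byte(nil), sampleImage...)
	tampered[len(tampered)-1] ^= 0xFF
	_, err = LoadImage(pub, tampered, sig)
	fmt.Println("tampered image rejected:", err != nil)
	mem = append(mem, "new-object-0002"...) // ordinary execution (allocation, GC) changes memory
	fmt.Println("running memory still certified:", RuntimeStillCertified(pub, mem, sig))
}
```

The last line prints false: the certificate protects the on-disk image at load time, and a separate runtime mechanism is needed for the in-memory object structure.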