Image Unique Identifier

Ron Teitelbaum Ron at USMedRec.com
Tue Aug 22 22:51:52 UTC 2006


Hey Colin,

Get out the tinfoil.

The unique id is part of a key that protects security certificates.  If the
image is shut down, or is copied to another machine, we don't want that
image to have someone else's certificate information.  Right now the data is
encrypted in memory so that there is no leakage of information from the
running image.  I generate a key to protect the data, but that key currently
lives on the certificate object.  That means that if the certificate object
were to be transferred to another machine they could use your certificate.
I want to make sure that doesn't happen, or to make sure that it would be
extremely difficult or impossible even for me (the guy writing the code)
to get the information to work outside of the image that imported it (and
therefore had rights to the certificate in the first place).

Ron

> -----Original Message-----
> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-bounces at lists.squeakfoundation.org] On Behalf Of Colin Putney
> Sent: Tuesday, August 22, 2006 5:52 PM
> To: Ron at USMedRec.com
> Cc: 'The general-purpose Squeak developers list'
> Subject: Re: Image Unique Identifier
> 
> 
> On Aug 22, 2006, at 5:27 PM, Ron Teitelbaum wrote:
> 
> > I was worried that someone would transfer my object to another image before
> > it shut down with some distributed object framework; I wanted to prevent
> > that by having the image access some data outside the image itself.  I
> > suppose that an external file containing a UUID would have the same effect,
> > but would add to support problems.  It is a good thought.
> 
> That's why I asked about trusted vs. untrusted code.
> 
> It seems like there are 3 levels of paranoia here:
> 
> Blasé: Do the simple thing, and if we find a situation where that
> causes problems, fix them.
> 
> Cautious: Protect against accidentally transmitting the id by
> accident as might happen with code that blindly reflects over the
> entire system. Your remote string idea probably fits the bill here.
> 
> Tinfoil Hat: Protect against malicious code in the image actively
> searching out and transmitting the id so as to defeat your security.
> Tough to do in Smalltalk.
> 
> How paranoid are you?
> 
> Colin
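
Added example, not part of the original messages and not code from the Squeak project: a Python sketch of the design Ron describes, where the key protecting the certificate data is derived from an image identifier that is not stored on the protected object, so a copy of the object does not open under another image's identifier. The names `derive_kek`, `seal`, `unseal` and `opens_on`, the label strings, and the HMAC-based keystream (a stand-in for a real authenticated cipher) are assumptions.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_kek(image_id: bytes, salt: bytes) -> bytes:
    # The image id is an input to the key but is never stored on the object.
    return _prf(salt, b"cert-protect-v1|" + image_id)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC in counter mode; stand-in for a real authenticated cipher (assumption).
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(secret: bytes, image_id: bytes) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = derive_kek(image_id, salt)
    ks = _keystream(_prf(kek, b"enc"), nonce, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, ks))
    tag = _prf(_prf(kek, b"mac"), salt + nonce + ct)
    # Only salt, nonce, ciphertext and tag travel with the certificate object.
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(blob: dict, image_id: bytes) -> bytes:
    kek = derive_kek(image_id, blob["salt"])
    expected = _prf(_prf(kek, b"mac"), blob["salt"] + blob["nonce"] + blob["ct"])
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong image id or modified object")
    ks = _keystream(_prf(kek, b"enc"), blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))

def opens_on(blob: dict, image_id: bytes) -> bool:
    try:
        unseal(blob, image_id)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample values, not real identifiers or key material.
    home, other = b"image-A-constructed-id", b"image-B-constructed-id"
    obj = seal(b"constructed private key bytes", home)
    print("home image:", opens_on(obj, home))
    print("copied to other image:", opens_on(obj, other))
```

Code running inside the image that can read the identifier can still call `unseal`, which is the case Colin's "Tinfoil Hat" level describes.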




