Friday, 6 July 2007

Jumping Folders : A new security paradigm

I believe that
  • 'Every object should be able to secure itself against malicious access by another object.'
  • 'Randomness in object behavior can be an effective approach in securing themselves against malicious manipulation'

Jumping Folders is a proposal to secure folders and thereby contained Files from malicious access by introducing a default security behavior at creation time. The 'security behaviour'proposed is based on the premise that all objects exhibit a set of repeatable patterns in response to certain pre-defined stimuli. For example : If you double-click on windows based file or folder, it is 'normally' expected to open up.

What if I want to secure the folder or a file? The 'normal' (I keep emphasizing the term 'normal' for a specific reason,

which I will make clear shortly) options available to me could be :
1. Hiding the folder.
2. Preventing access to the folder by encrypting it with a password or even better encrypting the contents of the folder.

But what are we doing here:
We are using some well known and defined services available to us to 'seemingly' secure the contents of the folder. These services are provided by the OS (windows) and can be configured at different levels (users, groups, roles and all that)

Perhaps you must be thinking.Is there an option? The OS is the RingMaster. He or She cracks the whip and the performers jump but what if someone kills the RingMaster or even worse uses the identity of the RingMaster to manipulate the performers. You would perhaps say "Too bad" or "who cares about petty performers, get another one" and that is how Life goes on. An object is destroyed and we create another one to replace it.

Isn't that just what humans do.People are born, they multiply and then they die and sometimes die due to unnatural causes.

Jumping Folders is a proposal to inject a security element within an object (in this case, a folder) at creation time. The security element enables the folder to 'use' the services offered by the OS and behave 'abnormally' on certain stimuli.
Services in this case is refers to the windows cut and paste operations. stimuli is a mouse double-click. The 'abnormal' behaviour in this case would be 'cutting and pasting itself' at a different location on the file system. we know, the reason for my stress on normal and abnormal behavior of objects.

Thus, we have an object (the folder) that is intelligent enough to recognize a malicious intent (double-click) and protect itself by copying itself to another location.

So what if you want to see the contents of the folder.

Well, you could use a combination of a certain sequence of mouse-clicks and key-strokes to override the abnormal behavior. Why mouse-clicks? so you can get over a key-logger that is monitoring your keyboard operations.

In conclusion, Nothing is secure and we don't really need to be paranoid about security. Jumping Folders is a project proposal that give secures objects based on their randomness, so now don't let anyone tell you that randomness is bad :-)

No comments: