Talk:COMP 3000 Essay 2 2010 Question 2: Difference between revisions
(16 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
=Comments & Discussion= | =Comments & Discussion= | ||
alrighty then.... I'm done for the night, I've just gone through it and it seems to flow nicely, and I made a few minor corrections here and there. I did have to make a major edit where I wrote all of the security invariants out and failed to notice that Youcef had done a similar thing just below it. Oh well.... It's fixed now. Night everyone | |||
--[[User:Gsmith6|Gsmith6]] 05:57, 3 December 2010 (UTC) | |||
I've added a few paragraphs in the background and the contribution sections including their references. Feel free to edit or add to them | |||
--[[User:Ymoussou|Youcef M.]] 04:05, 3 December 2010 (UTC) | |||
Don't forget your references guys! | |||
--[[User:Ymoussou|Youcef M.]] 00:30, 3 December 2010 (UTC) | |||
I'm adding bits and pieces here and there in most of the sections including references. | |||
--[[User:Ymoussou|Youcef M.]] 22:01, 2 December 2010 (UTC) | |||
--Writing up a critique of the researches evaluation methods for the critique section now | |||
[[User:Atubman|Atubman]] 21:25, 2 December 2010 (UTC) | |||
I've added to the Contribution part of the essay. I've basically explained as much as I thought was pertinent in what the section was asking for but don't be shy to add more! | |||
--[[User:Selliot3|Selliot3]] 14:11, 2 December 2010 (UTC) | |||
IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. There is a catch somewhere but I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for. | |||
--[[User:Ymoussou|Youcef M.]] 04:19, 2 December 2010 (UTC) | |||
Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that) | |||
The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions. | |||
Meanwhile, the IBOS must still support existing web applications while maintaining security. | |||
[[User:Atubman|Atubman]] 03:36, 2 December 2010 (UTC) | |||
This is what I understand of the TCB. Basically it is all of the components that are essential to the security of the computer system. Pretty much the stuff inside the kernel that if is compromised is "bad news bears". By removing things like device drivers, you reduce the TCB quite considerably (like probably 10s of thousands of lines of code). The smaller the TCB, the less of a chance that you have of an essential component getting corrupted. I don't know if I'm explaining it right, but maybe someone else can expand on what I've written here. | |||
--[[User:Gsmith6|Gsmith6]] 16:13, 2 December 2010 (UTC) | |||
EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section. | EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section. | ||
Line 57: | Line 100: | ||
The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]] | The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]] | ||
=Extra Resources= | =Extra Resources= |
Latest revision as of 05:57, 3 December 2010
Comments & Discussion
alrighty then.... I'm done for the night, I've just gone through it and it seems to flow nicely, and I made a few minor corrections here and there. I did have to make a major edit where I wrote all of the security invariants out and failed to notice that Youcef had done a similar thing just below it. Oh well.... It's fixed now. Night everyone --Gsmith6 05:57, 3 December 2010 (UTC)
I've added a few paragraphs in the background and the contribution sections including their references. Feel free to edit or add to them --Youcef M. 04:05, 3 December 2010 (UTC)
Don't forget your references guys!
--Youcef M. 00:30, 3 December 2010 (UTC)
I'm adding bits and pieces here and there in most of the sections including references.
--Youcef M. 22:01, 2 December 2010 (UTC)
--Writing up a critique of the researches evaluation methods for the critique section now
Atubman 21:25, 2 December 2010 (UTC)
I've added to the Contribution part of the essay. I've basically explained as much as I thought was pertinent in what the section was asking for but don't be shy to add more!
--Selliot3 14:11, 2 December 2010 (UTC)
IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. There is a catch somewhere but I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for.
--Youcef M. 04:19, 2 December 2010 (UTC)
Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that)
The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions.
Meanwhile, the IBOS must still support existing web applications while maintaining security.
Atubman 03:36, 2 December 2010 (UTC)
This is what I understand of the TCB. Basically it is all of the components that are essential to the security of the computer system. Pretty much the stuff inside the kernel that if is compromised is "bad news bears". By removing things like device drivers, you reduce the TCB quite considerably (like probably 10s of thousands of lines of code). The smaller the TCB, the less of a chance that you have of an essential component getting corrupted. I don't know if I'm explaining it right, but maybe someone else can expand on what I've written here. --Gsmith6 16:13, 2 December 2010 (UTC)
EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section.
I can work on the background of IBOS
--Selliot3 23:03, 22 November 2010 (UTC)
It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.
--Youcef M. 15:19, 20 November 2010 (UTC)
I'll do the contribution section. I'll be reading through the paper thoroughly today and taking notes as I go. I'll post them later on this page as a sort of cheat-sheet/reminder. --Gsmith6 17:45, 25 November 2010 (UTC)
Group Members
Leave your name and e-mail address if you are assigned to this question.
Youcef M. moussoud@gmail.com
I am alive and still in the class, selliot3@connect.carleton.ca
--Selliot3 18:12, 15 November 2010 (UTC)
Still in the class, andrewtubman84@gmail.com
I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com --Gsmith6 22:31, 15 November 2010 (UTC)
I am here... and replied to the email
Question 2 members
Elliott Charles selliot3
Moussoud Youcef ymoussou
Pharand Alexandre apharan2
Smith Geoffrey gsmith6
Tubman Andrew atubman
Vanden Heuvel John jvheuvel
Vivekanandarajah Vijitharan vviveka2
Raw Information
The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. vG
Extra Resources
http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1 I found some presentation slides by Shuo Tang, Haohui Mai and Sam King, the authors and developers of IBOS --Gsmith6 22:35, 25 November 2010 (UTC)