Saturday, May 21, 2005

Thought for the day

I have been thinking about security for a while. I have come up with a probable law, but I am not sure if it is already well know. Anyway, here goes.

"The More free memory you have on your system, the more your system will be vulnerable to security risks"

Balbir Singh

Stated Mathematically

Security risk is directly proportional to the free memory on your system.

Do you think it makes sense?

I will explain my theory in detail in another posting, sometime later.
at

7 comments:

Gops said...

I beg to disagree - I think the more apps you have on your system, the greater is your risk. And with more apps, comes less free memory...

3:15 PM
kattricker said...

Neither! I think the more bandwidth on your network, the more vulnerable your system. The network is the computer remember?

6:07 PM
Balbir said...

Good points both of you. But if you see what's hacked, its usually a resource and without free memory the hack is likely to fail. For the networking part, I think you need to have a vulnerable application to attack.

I think I will try and collect some more data and try to come up with a plot if possible of resources/hacking vulnerability

10:54 PM
H said...

Agree with Balbir on this,if a machine is hacked, the hacker needs some malicious code to run , now the amount of damage which the code can do is more or less determined by the memory free ???

10:13 PM
kattricker said...

hmmm... well certainly the malicious code needs to run and needs memory as a result, but I still dont see how more means more damage?

In the networking case if you consider the DOS attack (denial of service), it actually works because of limited buffer! If you allocate more buffer, you probably will delay the death of the service.

So going by that analogy, if you have more memory perhaps you can recover your system faster once the malicious code is detected. (Your anti-malicious code requires to run on memory too!)

11:57 PM
Balbir said...

Good point Karthik. But will any good malicious program leave enough memory space/CPU for an antivirus to run?

It might do so to go un-noticed. Consider a system with very little free memory, it makes the system harder to exploit if the address space is well protected.

I agree about the anti-virus thing, we need memory to recover from it. May be the system should pre-allocate memory for critical tasks like system recovery (which I think smart OSes do)

11:09 PM
kattricker said...

The malicious code only needs to exploit the vulnerability (it doesnt have to eat up all free memory unless thats what it wants to do right?).

Besides, the malicious code can always succeed as long as the anti-virus is unaware of it (it doesnt have to cripple it). Most malicious programs only thrive until detected.

I didnt understand the proof.

11:48 PM

Post a Comment

Subscribe to: Post Comments (Atom)

Ranking and Unranking permutations

I've been a big fan of Skiena's Algorithm Design Manual , I recently found my first edition of the book (although I own the third ed...

  • Time out, take a break, Dravid!
    (Photo from http://content-usa.cricinfo.com/indvaus2008/content/current/player/28114.html) Dravid's dismal form continues in test crick...
  • Lagrange's interpretation in python
    I've been reading up on Fast Fourier Transform (FFT) from several books on algorithms that I have, TCLR, Tamassia, Sahni, Numerical Rec...
  • Be a role model
    I still remember meeting a great architect at a place I worked. He was very humble and so good that he was a role model. Basically whether w...