{"id":457,"date":"2009-09-16T21:00:00","date_gmt":"2009-09-17T06:00:00","guid":{"rendered":"http:\/\/www.cloudidentity.com\/blog\/2009\/09\/16\/an-example-of-trusted-subsystem-fail-in-meatspace\/"},"modified":"2009-09-16T21:00:00","modified_gmt":"2009-09-17T06:00:00","slug":"an-example-of-trusted-subsystem-fail-in-meatspace","status":"publish","type":"post","link":"https:\/\/www.cloudidentity.com\/blog\/2009\/09\/16\/an-example-of-trusted-subsystem-fail-in-meatspace\/","title":{"rendered":"An example of trusted subsystem fail in meatspace"},"content":{"rendered":"
digg_url = “http:\/\/blogs.msdn.com\/vbertocci\/archive\/2009\/09\/16\/an-example-of-trusted-subsystem-fail-in-meatspace.aspx”;digg_title = “An example of trusted subsystem fail in meatspace”;digg_bgcolor = “#FFFFFF”;digg_skin = “normal”;digg_url = undefined;digg_title = undefined;digg_bgcolor = undefined;digg_skin = undefined;<\/div>\n

Here I am, stuck in Sydney airport for various cascade delays but awarded with the Gift of Free WiFi. I am coming back from a awesome 2 weeks in Australia and Nw Zealand, where I met great customers & partners, enjoyed the company of amazing friends & colleagues and drew few chuckles (while hopefully passing some claims knowledge too)<\/a> from the awesome audiences of #tenz9<\/a> and #auteched<\/a>. BTW, thank you for the fantastic feedbacks!<\/p>\n

I should really take advantage of any free minute for working on the book<\/a>, but having woken up at 2:45am I don\u2019t feel especially intelligent (if ever) and I\u2019d do more damage than good: hence I\u2019ll just spend 1\/2 hour reinforcing one topic that was especially popular during the techeds, the argument against trusted subsystems.<\/p>\n

Case on point. TechEd New Zealand took place in the same hotel where the speakers were staying. The event level was directly connected to the rooms via handy elevator, but unfortunately they were not accessible:<\/p>\n

\"IMAG0100\" <\/p>\n

 <\/p>\n

Or at least, that\u2019s what the black tape and the sign would want you to believe.<\/p>\n

However, if you\u2019d be rebellious enough (I believe the technical term is \u201cpolarity responder\u201d) and if you\u2019d be so bold to hit the call button anyway\u2026 surprise! You\u2019d get the familiar \u201cpling!\u201d of the elevator and one cabin would materialize at the floor.<\/p>\n

Now, you can think of this button-tape-signs contraption as the frontend of the application \u201cgo to your room\u201d. This application tries to keep everybody out, apart from the service people who indeed know that the elevator works perfectly. It is not a very secure way of protecting a resource, but the intent is clearly that one. So, if the only line of defense would be this, or in other words the elevator cabin would live in a trusted subsystem<\/em>, then the security of the solution would be very, very ineffective.<\/p>\n

In fact, it turns out it\u2019s not the case. Even if you \u201chacked\u201d the system by clicking the button anyway and went around the tape, clicking on the floor buttons would not do you any good: it turns out that you need a room key for accessing your floor.<\/p>\n

\"IMAG0101\" <\/p>\n

 <\/p>\n

So that\u2019s not too bad after all, but it could have been \ud83d\ude42<\/p>\n

Note. This example does not map 1:1 with what we discussed in the sessions, since here there\u2019s no delegation (I am using the room key directly, there\u2019s no actor that pushes buttons on my behalf), however hopefully that gives you (if necessary) the feeling of why it is a good idea to make access checks at the resource and on actual user privileges instead of expecting that the frontend security will always enforce the right thing \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

digg_url = “http:\/\/blogs.msdn.com\/vbertocci\/archive\/2009\/09\/16\/an-example-of-trusted-subsystem-fail-in-meatspace.aspx”;digg_title = “An example of trusted subsystem fail in meatspace”;digg_bgcolor = “#FFFFFF”;digg_skin = “normal”;digg_url = undefined;digg_title = undefined;digg_bgcolor = undefined;digg_skin = undefined; Here I am, stuck in Sydney airport for various cascade delays but awarded with the Gift of Free WiFi. I am coming back from a awesome 2 weeks in…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[61,9,35,60],"tags":[],"class_list":["post-457","post","type-post","status-publish","format-standard","hentry","category-architecture-ws","category-identity","category-useless","category-wild-ideas"],"_links":{"self":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/comments?post=457"}],"version-history":[{"count":0,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/457\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media?parent=457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/categories?post=457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/tags?post=457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}