
Recommendations

There are several preventive approaches for this type of attack. Trapping operating system calls at the API level has been employed in certain scenarios [18]. The calls are often patched to alert the user of a particular action or to disallow an action altogether. Placing the onus of allowing or disallowing certain functions on the user can be problematic as, more often than not, the user is not security-conscious and will improperly configure, circumvent, or completely ignore the protection mechanisms due to their complexity. Security processes need to be in place at the operating system level that are undetectable and inescapable.

While this technique of trapping operating system calls has enjoyed some amount of success, it has the drawback that applications legitimately creating and erasing their own databases are often hindered. One remedy to this situation is to have the operating system enforce rules that only allow modification to databases with the same Creator ID as the application performing the actions. In this case, the Creator ID would need to be non-modifiable by the user.
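The Creator ID rule described above can be sketched as a small C model. This is an added example, not Palm OS code or code from the paper: the function names, status codes, and sample databases are hypothetical and constructed for illustration, and it assumes the OS itself supplies the caller's Creator ID.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not Palm OS code: the OS permits deleting a database
   only when the caller's Creator ID matches the database's Creator ID. */
#define CREATOR(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

typedef enum { DB_OK, DB_ERR_NOT_FOUND, DB_ERR_DENIED } db_status;
typedef struct {
    const char *name;
    uint32_t    creator;  /* stamped by the OS at creation; no setter exists */
    int         present;
} db_entry;

/* Constructed sample data: three databases owned by three applications. */
static db_entry db_table[] = {
    { "MemoDB",     CREATOR('m', 'e', 'm', 'o'), 1 },
    { "AddressDB",  CREATOR('a', 'd', 'd', 'r'), 1 },
    { "GameScores", CREATOR('G', 'a', 'm', 'e'), 1 },
};

static db_entry *db_find(const char *name)
{
    for (size_t i = 0; i < sizeof db_table / sizeof db_table[0]; i++)
        if (db_table[i].present && strcmp(db_table[i].name, name) == 0)
            return &db_table[i];
    return NULL;
}

/* caller_creator is assumed to come from the OS's record of the running
   application, never from an argument the application fills in itself. */
db_status os_delete_database(uint32_t caller_creator, const char *name)
{
    db_entry *db = db_find(name);
    if (db == NULL)
        return DB_ERR_NOT_FOUND;
    if (db->creator != caller_creator)
        return DB_ERR_DENIED;      /* foreign database: refuse, no user prompt */
    db->present = 0;
    return DB_OK;
}

int main(void)
{
    uint32_t game = CREATOR('G', 'a', 'm', 'e');
    printf("game deletes AddressDB:  %d\n", os_delete_database(game, "AddressDB"));
    printf("game deletes GameScores: %d\n", os_delete_database(game, "GameScores"));
}
```

Because the decision is made inside the OS call and never delegated to the user, an application can still erase its own databases while a request against another application's database is refused.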

Kingpin
2001-05-09