
Security Mechanisms and Policy for Mandatory Access Control in Computer Systems

Posted on: 2011-01-31
Degree: Ph.D
Type: Dissertation
University: Carleton University (Canada)
Candidate: Wurster, Glenn Daniel
Full Text: PDF
GTID: 1448390002462960
Subject: Computer Science
Abstract/Summary:
Computer security measures, policies and mechanisms generally fail if they are not understood and accepted by all parties involved. To be understood, many security mechanisms currently proposed require security expertise by multiple parties, including application developers and end-users. Unfortunately, both groups often lack such knowledge, typically using computers for tasks in which security is viewed at best as a tertiary goal. The challenge, therefore, is to develop security measures understood and accepted by non-experts.

To address issues related to malicious sites and dangerous interactions between sites, we discuss the joint work SOMA, a browser extension. SOMA enforces a security policy that limits interaction between web sites to those that are pre-approved by one or (optionally) both sites involved in any interaction. SOMA can be incrementally deployed for incremental benefits, and selectively deployed to those sites for which tighter control over content sub-syndication is acceptable. To address rootkits and malware affecting the installation and integrity of binaries, we present three policies: configd, bin-locking, and increased kernel protection. For each approach, we discuss the architecture, implementation and support required. These ideas are suitable for many types of end-user machines, including those running Linux and Windows. They do not require any centralized infrastructure. We discuss approaches which do not depend on either software developers or users to properly address software security.

We pursue measures which require little or no user expertise, to facilitate broad deployment among non-technical user bases. By reducing the requirement that end-users self-police applications, we reduce the chance of policy enforcement errors causing security exposures. The security measures discussed are also straightforward and intended to avoid reliance on security expertise among application developers. For example, restrictions imposed by an application's target run-time environment essentially remove development choices (thus removing dependence on the developer to make proper security choices). We pursue measures designed to be suitable for deployment to large segments of the development community, to reduce the knowledge and adoption barriers that may otherwise arise. The security measures we propose provide protection by significantly restricting the operations that an application is allowed to perform.
Keywords/Search Tags: Security, Mechanisms, Policy