
This question is, perhaps, a tad too abstract for a Q&A site. But it's been playing on my mind for a while, so I'm throwing it out there.

Modern systems seem to be increasingly centralised. An average user in the '90s would buy a computer from one manufacturer, have an OS by Microsoft, and then have a range of other suppliers for basic functionality such as compression applications, web browsers, and even memory extenders for the OS itself in the days of DOS.

Even the process of getting applications was a pretty decentralised process: one may use a search engine to find a company's website and then download an executable from it.

Today is of course very different: the OS builds most of the basic functionality in and often ties it with their online services. The process of even finding applications by other suppliers is done via the same company's 'app store'.

Anyway, on to the question: does centralisation, as a rule of thumb for security, increase the damage but decrease the probability of exploits?

I wonder this for the following reasons:

  • Downloading exe files from a range of sites is malware-prone, as any of us fixing a friend's computer in the early 2000s would know...
  • However, if a centralised 'app store' were to be properly hacked, it could impact every single application it distributes.
  • Building in more functionality into the OS decreases the likelihood of third-parties injecting potential security holes into an average OEM package for consumers using the aforementioned OS.
  • But unifying all applications as built-in for the OS means that, say, if the compiling process for the OS development was breached, the entire thing would get compromised. (This is overly simplistic; I'm not genuinely suggesting, for example, that Windows Media Centre is compiled alongside the actual NT kernel.)

In short, centralised systems seem to safeguard newbies against trivial security issues. But isn't the damage of a centralised supplier being hacked much greater than that of only a single small supplier being broken into?

Louis Jackman
  • Short answer: yes. It's quite literally putting all your eggs in one basket. There's 'less' stuff to secure but more widespread damage if it breaks/is broken into. – NULLZ Jul 11 '13 at 06:44
  • That's what I suspected :) I'm looking forward to the first massive, large-scale, and heavily-impacting hack of a centralised media/app store such as Amazon's ebook service or Apple's App Store. I look forward because, despite it hurting users in the short term, it will help them be more discriminating with such services in the future, and more suspicious about, as you say, putting all of one's eggs in a single basket. – Louis Jackman Jul 11 '13 at 06:52

2 Answers

The probability of exploits is a vague term.

What you've got in reality is the number of exploitable bugs in the code, the number of bad guys working to find them, and the number of good guys working to close them (it is useful to think of this stuff in terms of FTEs, full-time equivalents, even if many researchers, blackhats and whitehats alike, don't dedicate themselves 8/40 to the task at hand).

Centralization tends to increase the incentive to hack - the stakes are much higher. D3C4FF is right that this indeed puts all the eggs in one basket.

However, centralized organizations can afford spending money on hiring the good guys (ex-bad guys in some circumstances). Large firms have the brains and dedication and foresight to make some of the staff available for security research instead of toiling like monkeys for immediate monetary gratification of the shareholders. IBM and Microsoft are prime examples, IMHO.

Centralized organizations can be practically considered monopolies; it is often surmised that monopoly status makes companies lazy and overly arrogant (Oracle, I'm looking at you re: Java patching!).

The resulting interplay of psychological, organizational and sheer quantitative factors gives a very rich picture.
To sum it up, the risks are greater, the potential for losses is getting enormous, but there are some forces that mitigate the risks. It would be very rash to say that probability of exploits goes down.

Deer Hunter
  • Oracle and Java was a good example actually :) I visualise modern systems like a massive house of cards -- they're so monolithic and centralised that pulling a single card out brings down the whole house. – Louis Jackman Jul 11 '13 at 07:04
  • @ljackman That's actually the issue defense in depth is trying to mitigate: instead of relying on a single "fortress" to be impregnable, you build a series of barriers that are supposed to "fill in the gaps" if one of them falls. – Stephane Jul 11 '13 at 07:15
  • @ljackman - Wouldn't characterize them as a house of cards - they are built to be resilient, sometimes even going for implementation diversity. This is a slightly different question, though. – Deer Hunter Jul 11 '13 at 07:16
  • Multiple barriers is essentially security via redundancy, right? I imagine this works for the same reason as having multiple organs in our body increases our reliability as humans... – Louis Jackman Jul 11 '13 at 07:18
  • Not quite: implementation diversity means you have one carbon-based organ designed by A.Being, and another silicon-based organ designed by somebody else. Redundancy with a single software package is prone to failing spectacularly **at once**. – Deer Hunter Jul 11 '13 at 07:21
  • So similar enough to not trip each other up on the same system, but different enough to not both be exploited by the same mechanism by a piece of malware? – Louis Jackman Jul 11 '13 at 07:29
  • @ljackman - the interaction of reliability and security is a very complex topic, you can ask about that in a separate question. – Deer Hunter Jul 11 '13 at 07:33
  • Thanks, I might do that if I think of a question that's relevant enough. – Louis Jackman Jul 11 '13 at 07:36

Perhaps if you use the term "Walled Garden" for your concept of "centralized", things would come into perspective quicker, as that is the term of art for what you are describing. There is a very strong argument for suggesting a walled garden ecosystem is more secure, not less. Apple is the premier example of that proposition. Furthermore, Microsoft Windows 8 secure boot technology moves them toward that camp and in the process enhances their security features.

One oversimplification, in my opinion, of your basic assessment is the suggestion that gaining access to the app store or kernel compiler would provide keys to the palace in one simple step. The hashes and signatures of the related files are reviewed constantly. It is an extremely inexpensive quality check preventing just the attack you suggest (and tons of other internal mistakes such as human error). Thus the opportunity for damage via that vector is nearly zero. That very situation happened when kernel.org got owned. The underlying security feature of that repository, Git's hashes and signing, completely prevented any damage to the core Linux repository even though the attacker had full access to the site.

Both walled and open environments have been with us since the beginning of the Internet age, and to date walled gardens are more secure, not less. There are several other factors that contribute to that historical fact, the main one of which being the number of systems available once the attack succeeds.

The bottom line is both Microsoft and Apple are successfully using a walled garden approach to enhance security over that of the alternative.

zedman9991
  • Walled gardens being hacked are probably a Black Swan event -- much less frequent, but much more damaging. The problem is that previous frequency is easier to observe than potential damage. Whilst I agree that such walled garden systems might have superb security in place, better than smaller suppliers with a smaller security budget, isn't it still the fundamental case that damage is greater if a single, unified supplier is hacked rather than a single one amongst many? – Louis Jackman Jul 11 '13 at 16:54
  • Perhaps, but to my mind fat-tail Black Swan events are much more likely in a ubiquitous piece of software or feature set creating a massively distributed attack surface. That path to doom is unrelated to either approach. However, with the walled garden the ability to autopatch might be increased depending on the scenario. Time will tell... – zedman9991 Jul 11 '13 at 17:14
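The kernel.org point in the answer above rests on two mechanisms: content-addressed object hashes (a commit id covers the whole tree beneath it) and a signature over a tag that names a commit id. The block below is an added example, not part of zedman9991's answer and not git's own code. It reproduces git's real object-hashing scheme (sha1 over a `<type> <size>\0` header plus the body, for blobs, trees and commits), but the tag signature uses an HMAC with a shared key purely as an offline stand-in for the GPG signature a real signed tag carries; that substitution, the maintainer key and the repository contents are all constructed for the example.

```python
"""Why owning the hosting server does not let an attacker silently rewrite
history that others have already pinned.

Added example (not from the original answer, not git's own code).  Object
hashing follows git exactly; the tag signature is an HMAC stand-in for GPG
(an assumption made so the example runs with the standard library only).
"""
import hashlib
import hmac


def git_object_hash(obj_type, body):
    """Hash an object the way git does: sha1(b"<type> <len>\\0" + body)."""
    header = f"{obj_type} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


def blob_hash(content):
    return git_object_hash("blob", content)


def tree_hash(entries):
    """Tree object over {filename: content}, every entry a regular file.

    git sorts entries by name and stores each as
    b"<mode> <name>\\0" + the 20 raw bytes of the blob's sha1.
    """
    body = b""
    for name in sorted(entries):
        raw_sha = bytes.fromhex(blob_hash(entries[name]))
        body += b"100644 " + name.encode() + b"\0" + raw_sha
    return git_object_hash("tree", body)


def commit_hash(tree, parent, message):
    """Commit object; author/committer lines are constructed sample values."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines.append("author Maintainer <m@example.org> 1373500000 +0000")
    lines.append("committer Maintainer <m@example.org> 1373500000 +0000")
    body = ("\n".join(lines) + "\n\n" + message + "\n").encode()
    return git_object_hash("commit", body)


def sign_tag(signing_key, commit):
    """Stand-in for a GPG-signed tag: HMAC over the commit id (assumption)."""
    return hmac.new(signing_key, commit.encode(), hashlib.sha256).hexdigest()


def verify_tag(signing_key, commit, sig):
    return hmac.compare_digest(sign_tag(signing_key, commit), sig)


def scenario():
    """Maintainer publishes a signed release; attacker with full server access
    plants a backdoor.  Returns what a downstream verifier would observe."""
    maintainer_key = b"maintainer-private-key (constructed)"
    files = {
        "Makefile": b"all:\n\tcc -o kernel main.c\n",
        "main.c": b"int main(void){return 0;}\n",
    }
    good_commit = commit_hash(tree_hash(files), None, "Release v1.0")
    tag_sig = sign_tag(maintainer_key, good_commit)   # published with the tag

    # Attacker rewrites one file on the server and re-creates the commit
    # with the same message, author and timestamp.
    tampered = dict(files)
    tampered["main.c"] = b'int main(void){system("/bin/sh");return 0;}\n'
    evil_commit = commit_hash(tree_hash(tampered), None, "Release v1.0")

    return {
        # Anyone holding the original commit id (a clone, a mailing-list
        # announcement, a pinned dependency) sees a different id.
        "commit_id_changed": good_commit != evil_commit,
        # The published tag signature still verifies for the real release...
        "tag_verifies_on_good": verify_tag(maintainer_key, good_commit, tag_sig),
        # ...and fails for the rewritten commit, which the attacker cannot
        # re-sign without the maintainer's key.
        "tag_verifies_on_evil": verify_tag(maintainer_key, evil_commit, tag_sig),
    }


if __name__ == "__main__":
    print(scenario())
```

The caveat a practitioner should keep in mind: the hash alone proves nothing to someone who fetches both the content and the hash from the compromised server, since the attacker can rewrite every id it serves. The protection comes from the id or the tag signature being held somewhere the attacker does not control (existing clones, the maintainer's signing key, a release announcement), which is exactly why a fully centralised distribution point needs those out-of-band anchors.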