This paper focuses on security countermeasures for the wireless world of dynamically attached devices and device interfaces. It covers three aspects of the issue: description, integration, and implementation. The most interesting part of the paper is the section describing a set of countermeasures to mitigate the identified risks, and the integration of these countermeasures within a larger policy-based architecture.
Wolthusen limits the categories of threats to application control, identification and authentication, and dynamic allocation, and offers some good examples for each. For the first category, he argues that enforcement of any security policy falls under the control of the applications and the operating system running them, and that because this control does not extend to other external interfaces, such as network and storage interfaces, a gap remains in the enforcement mechanisms that both malicious users and external threats could exploit. For the second category, he points out that operating systems and application programs usually identify and authenticate neither devices nor application programs (or users), whether the device is configured statically (wired) or dynamically (wireless).
In the third category, the dynamic and automatic configuration mechanisms that integrate new devices into the operating system are themselves vulnerable to attack. In most Unix derivatives this exposure is more limited, but the Windows NT family of operating systems provides plug and play (PnP) support from boot time onward, thereby exposing the system to several threats that do not exist in Unix systems. This means it is possible to bring about an insecure system state simply by having a system recognize an additional or new device, without requiring the presence or actions of an authorized user, or even elevated privileges.
Countermeasures for these threats include disabling devices or device types at the level of the operating system, and selectively granting elevated privileges for accessing devices only to certain applications or processes. Also important is the enforcement of security policies that first check the access controls present in the environment, and only then grant or continue the affected control and data flows.
The effectiveness of implementing a security policy depends on the type of operating system, the types of external and dynamic devices attached to it, and which services for external interfaces and devices are started at boot time by default. This applies to environmental subsystems, such as Win32 and the Portable Operating System Interface (POSIX), as well as to the native application programming interface (API). Unix derivatives, for example, do not need to start PnP services at boot, yet some of their file objects still represent, and are used to communicate with, device drivers and devices, so those objects must be covered by the policy as well.
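To make the countermeasures described above concrete (disabling device classes at the operating system level, admitting only identified devices, refusing attachment when no authorized user is present, and granting device access selectively to named processes), here is an added example of a policy mediator that sits between a hot-plug event and device activation. It is not code from Wolthusen's paper or from any of the systems the review names; the device identifiers, class names, process names and the Linux sysfs `authorized` attribute it would write are assumptions made for illustration, and the sample events are constructed. The mediator only computes the decision and the enforcement action; performing the write is left to the caller.

```python
"""Policy-based mediation of device attachment events (added example).

Not code from the reviewed paper. Device IDs, class names, process names and
the sysfs 'authorized' attribute path are illustrative assumptions; the rules
mirror the three countermeasures the review describes.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class AttachEvent:
    """What the OS knows when a hot-plug event arrives (constructed fields)."""
    bus: str                     # "usb", "pci", ...
    vendor_id: int               # e.g. USB idVendor
    product_id: int              # e.g. USB idProduct
    dev_class: str               # coarse class: "storage", "hid", "network"
    sysfs_path: str              # assumed Linux device node under /sys
    console_user: Optional[str]  # user at the console, None if unattended


@dataclass
class Policy:
    """Site policy: deny by default, allow only by explicit identification."""
    disabled_classes: FrozenSet[str]
    allowed_devices: FrozenSet[Tuple[int, int]]      # (vendor_id, product_id)
    require_console_user: bool = True
    # dev_class -> process names permitted to open devices of that class
    class_grants: Dict[str, FrozenSet[str]] = field(default_factory=dict)


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    actions: Tuple[Tuple[str, str], ...]   # (sysfs attribute path, value) to write


def evaluate(event: AttachEvent, policy: Policy) -> Decision:
    """Decide whether a newly enumerated device may be activated.

    Checks run from the most categorical to the most specific, so a disabled
    class is refused before any identification or user check happens.
    """
    deny_action = ((f"{event.sysfs_path}/authorized", "0"),)
    if event.dev_class in policy.disabled_classes:
        return Decision(False, f"class {event.dev_class!r} disabled by policy", deny_action)
    if (event.vendor_id, event.product_id) not in policy.allowed_devices:
        return Decision(False,
                        f"device {event.vendor_id:04x}:{event.product_id:04x} not identified",
                        deny_action)
    if policy.require_console_user and event.console_user is None:
        # The PnP concern from the paper: enumeration happened with nobody present.
        return Decision(False, "no authorized user present at the console", deny_action)
    return Decision(True, f"allowed for {event.console_user}",
                    ((f"{event.sysfs_path}/authorized", "1"),))


def may_open(policy: Policy, dev_class: str, process_name: str) -> bool:
    """Selective privilege grant: only listed processes may open a device class."""
    return process_name in policy.class_grants.get(dev_class, frozenset())


# Constructed site policy: no removable storage at all, two identified devices,
# and per-class process grants.
SITE_POLICY = Policy(
    disabled_classes=frozenset({"storage"}),
    allowed_devices=frozenset({(0x046D, 0xC31C), (0x0B95, 0x7720)}),  # constructed IDs
    class_grants={"network": frozenset({"dhclient", "NetworkManager"}),
                  "hid": frozenset({"Xorg"})},
)

# Constructed sample events.
KEYBOARD = AttachEvent("usb", 0x046D, 0xC31C, "hid", "/sys/bus/usb/devices/1-2", "alice")
UNATTENDED_NIC = AttachEvent("usb", 0x0B95, 0x7720, "network", "/sys/bus/usb/devices/1-3", None)
THUMB_DRIVE = AttachEvent("usb", 0x0781, 0x5583, "storage", "/sys/bus/usb/devices/1-4", "alice")


if __name__ == "__main__":
    for ev in (KEYBOARD, UNATTENDED_NIC, THUMB_DRIVE):
        d = evaluate(ev, SITE_POLICY)
        verdict = "ALLOW" if d.allow else "DENY"
        print(f"{ev.dev_class:8s} {verdict:5s} {d.reason}; actions={d.actions}")
```

Run stand-alone, the keyboard is allowed, the network adapter is refused because nobody is at the console even though it is an identified device, and the thumb drive is refused on class alone. The ordering matters for the "insecure state without an authorized user" case the paper raises: the console check is evaluated for every device that survives the class and identification filters, so an attacker cannot get a device activated on an unattended machine merely by presenting a whitelisted vendor and product ID.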
Overall, the author presents a new perspective on threats and countermeasures as they apply to dynamically attached devices. As new technologies evolve in ever-growing and more complex network systems, we will face the challenge of handling new threats and providing new countermeasures that reduce the risks to an acceptable level. This paper is worth reading.