
Over time, computer security has become more and more important.  Many developers have gotten through their entire schooling, and even years on the job without having a good fundamental understanding of basic security principles that will help them keep their software secure.  Because of this, you should expect to see a small collection of posts about security related topics on this blog over the next little while.

Today, though, I want to bring up one of the more useful principles of computer security: blacklists and whitelists.  A blacklist is probably something you have all heard of.  Essentially, it is a list of people (or other entities) who are not allowed to do something specific, like access data, perform some task, or receive some benefit.  A whitelist is the opposite, where the list contains people who are allowed to do something specific.

The key difference between the two lists is in what to do with new people or entities.  With a blacklist, because the person is not on the list, it is assumed that they are allowed to do the thing, whereas, with a whitelist, because a person is not on the list, it is assumed that they are not allowed to do the thing.

In the security world, whitelists are usually the preferred option.
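The default-allow versus default-deny difference described above, as an added example (not from the original post): two validators for an uploaded file's extension, with constructed sample policies and filenames. The "new" cases are the ones the blacklist lets through and the whitelist stops.

```python
"""Denylist vs. allowlist decisions for an uploaded file's extension (constructed example)."""
from pathlib import PurePosixPath

# Constructed policies for illustration; not taken from any real product.
DENYLIST = {".exe", ".bat", ".com"}    # known-bad: everything else is implicitly allowed
ALLOWLIST = {".png", ".jpg", ".pdf"}   # known-good: everything else is implicitly denied

# Constructed sample uploads, including types the policy author never anticipated.
SAMPLE_FILES = ["notes.pdf", "photo.JPG", "installer.exe", "plugin.xyz", "README"]


def extension_of(filename: str) -> str:
    """Return the lower-cased final suffix, so 'photo.JPG' and 'photo.jpg' decide alike."""
    return PurePosixPath(filename).suffix.lower()


def denylist_allows(filename: str) -> bool:
    """Default-allow: rejects only what is already known to be bad."""
    return extension_of(filename) not in DENYLIST


def allowlist_allows(filename: str) -> bool:
    """Default-deny: accepts only what is known to be acceptable."""
    return extension_of(filename) in ALLOWLIST


def compare(filenames):
    """Return (decisions, new_cases).

    decisions maps each filename to (denylist_allows, allowlist_allows).
    new_cases lists the files the denylist waves through but the allowlist
    refuses: exactly the unanticipated inputs the post warns about, such as
    an extension nobody thought to list, or no extension at all.
    """
    decisions = {f: (denylist_allows(f), allowlist_allows(f)) for f in filenames}
    new_cases = [f for f, (deny_ok, allow_ok) in decisions.items() if deny_ok and not allow_ok]
    return decisions, new_cases


if __name__ == "__main__":
    table, unseen = compare(SAMPLE_FILES)
    for name, (deny_ok, allow_ok) in table.items():
        print(f"{name:15} denylist={'allow' if deny_ok else 'deny ':5} allowlist={'allow' if allow_ok else 'deny'}")
    print("Passed only by the denylist:", unseen)
```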

As an example, let’s say you are taking small children to a nice restaurant.  Because of the nature of little kids, there is some risk involved, and so you want to give the children some guidelines about what they can and can’t do.  If you take a blacklist approach, you’ll say to the kids, “While we’re in this restaurant, there’s no poking, fighting, or yelling allowed.”  You figure you’ve got everything covered and go into the restaurant.  Five minutes later, the children start hitting their glasses with their spoons, making a lot of noise and disturbing the whole restaurant.  You immediately see the problems this has caused, and can then add “you can only use your spoons for eating” to the list of rules, but the damage has already been done.  A whitelist approach to this would have been to say “When we go into the restaurant, you can only whisper, and eat your food in a normal manner.  If you need to do something else, you have to ask first, and get permission, otherwise you will immediately be taken out of the restaurant without your food.”  The difference here is that now, when they go to pick up their spoon before the meal is even there, you know (and they know) that they’re already doing something out of the ordinary (an anomaly) and you can detect the trouble before it occurs.

OK, kids in a restaurant may not be the best example, but it is one everyone can relate to.  We’ve all been kids in a restaurant, many of you have kids of your own, and the rest of you have been in a place where kids were behaving poorly.

But here’s a more practical example in the computer world.  Many viruses come to a computer through the Internet.  If you have some anti-virus software, many of them check incoming data against a list of known virus signatures, and can say “hey, this looks just like the slammer worm” or another virus.  It does a great job of detecting when a piece of data is behaving in the same way as a known blacklisted virus, and can prevent it.  But what about when someone creates a new virus that is different from anything that we’ve seen before?  If the anti-virus program is strictly using only a blacklist (which they’re usually not) then your anti-virus program will say “This doesn’t look like any of the blacklisted viruses, so I’ll assume it is OK.”  Eventually, the virus will do its damage, and the program’s developers will add its signature to the blacklist, and your machine will eventually get up-to-date signatures, and be able to prevent it in the future, but not until after the damage has been done.

A whitelist, in this example, probably would have spared the computer from an attack.  For example, Windows Vista (and I’m assuming Windows 7 as well) will occasionally gray out the entire screen and bring up a popup window saying “Hey, this program is trying to write to the system directory.  Did you really want it to do that?”  What Vista is telling you is that this program is not on the whitelist for performing this operation, and it is ready to deny the request, unless you want to add it to the whitelist.

Now, there are times where a blacklist is best.  And there are also times where a combination is the ideal solution.  That is for you as a developer to decide.  However, blacklists are often easier to implement; don’t just take the easy route here and choose a blacklist simply because it will be easier.  Make the right decision for your software or you could face a lot of problems with it.
