Application Whitelists May Be In Your Future

9 07 2012

Whitelisting and blacklisting is happening all around us every day.  Each 
offers benefits, but must be considered on a situation-by-situation basis.
 Some examples of whitelisting include when users are granted access with 
keys or codes for physical access to offices, homes, or automobiles. Only
 persons possessing the keys or codes are granted access.  Your cell phone
 has a whitelist for the unlock mechanism in the form of those who know the 
code or pattern, but a blacklist for screening calls.  Blacklists can be
compared to the FAA’s no-fly list, although because of the size of the 
pool of travelers and difficulty in identifying members of the blacklist 
there must also be a whitelist system in the form of passports as well.

Antivirus systems seek file patterns, or the known behavior and deny these
 malicious activities.  When it comes to viruses however there more
 varieties than antivirus definitions and threats are evolving daily.  New
 unpatched threats called “zero day exploits” are difficult to defend
 against which is where the whitelist really shines.  Whitelists when used 
in the right context can offer protection from unknown or undiscovered
 threats, as they blanket deny all those that are not on the list.  In 
terms of computing systems and networks whitelists include ACL’s (access 
control lists), digital certificates, or application level firewalls such 
as the one used in recent releases of Apple’s OS X.

An application whitelist is a good alternative to antivirus in cases where 
the list of applications users would like to run is finite. The list of
 allowed applications in these circumstances might be generated manually by 
individuals or organizations, or through an application signing system.  A
 recent whitepaper jointly released by Mcafee, and the Pacific Northwest
 National Laboratory extols the benefits of application level security 
controls for industrial infrastructure protection.  But can such measures 
be effective against intelligent threats such as stuxnet, and flame?  The
 Australian Department of Defence, Intelligence, and Security thinks so,
 and listed application whitelisting among its top 4 security strategies.

Whitelisting and blacklisting can each be effective when the set of 
elements to be blocked or allowed is small and finite, but when the
 potential pool of elements becomes larger, or discerning those elements 
becomes less straight forward access control becomes more complicated, and 
a hybrid solution is required.  If government and critical infrastructure 
implement application whitelists, it may not be long before popular 
operating systems and computer vendors offer the same to consumers and
 other businesses. Perhaps your next computer will incorporate a
 whitelisting system?
_____________
http://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html

http://www.infosecurity-magazine.com/view/26475/whitelisting-is-the-solution-for-the-national-infrastructure/

http://www.mcafee.com/us/resources/reports/rp-energy-sector-industrial-control.pdf

http://www.dsd.gov.au/infosec/top-mitigations/applicationwhitelisting.htm

 

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: