me, 2.0: jose nazario
beauty and the street
The App Store as a Security Model
Like it or not, the "app store" model is a likely future scenario of computing, one which really improves security by reducing the attackable space on a user's computer. When paired with cloud computing there's a retro-future aspect to this. We're all headed right back to mainframes and dumb terminals, but this time with shinier devices. The app store model here refers not just to Apple's "App Store" but to anyone with a marketplace for installable applications that they gate.
This model has hit it big again lately, with the iPad and various complaints that Apple's way too restrictive in their relationships with developers. There's a bit of truth to people's claustrophobia around this, along with the unfairness complaints about Apple's recent behavior. There is another angle to this, and that's reducing the attack surface.
When you think about what a lot of people need to do, it's play some media, handle email, chat and Facebook, and surf the web. It's not to do things like manage antivirus or a personal firewall, worry about the latest scareware, etc. The bad guys on the Internet thrive in this complex, confusing, arbitrary-purpose computing environment. While you may need to create the next Google, lots of people don't; they just need to work, to communicate, and to enjoy.
The app store model reduces the attack surface in a few ways. First, there is a strict way to get code to run on the system, including signing and gating through the actual application store that does the download and installation. Second, apps are presumably vetted (although, I doubt, for security weaknesses or malicious options), meaning rogue apps could be blocked from entry. Third, telcos and OS folks can always revoke an app's runnable status.
This ignores, as noted, any failure to screen for hidden rogue actions in an app, security flaws (accidental or intentional), or even bribery to get an app into the app store.
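The three controls above (one signed path to execution, gating through the store, revocation) and the gap just noted, as an added sketch that is not from the original post. HMAC from the Python standard library stands in for the store's public-key signature, and the key, app ids and payloads are constructed.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed values. A real device would hold only the store's public key;
# the shared HMAC key here is a stand-in so the sketch runs on the stdlib.
STORE_KEY = b"constructed-store-signing-key"
REVOKED = {"com.example.flashlight"}  # runnable status withdrawn after release


def store_sign(app_id: str, payload: bytes) -> bytes:
    """Store side: bind an app id to the exact bytes that passed review."""
    digest = hashlib.sha256(payload).digest()
    msg = app_id.encode() + b"\0" + digest
    return hmac.new(STORE_KEY, msg, hashlib.sha256).digest()


def may_run(app_id: str, payload: bytes, sig: Optional[bytes]) -> Tuple[bool, str]:
    """Device side: the only path by which code becomes runnable."""
    if sig is None:
        return False, "unsigned: did not come through the store"
    if not hmac.compare_digest(store_sign(app_id, payload), sig):
        return False, "bad signature: bytes differ from what the store released"
    if app_id in REVOKED:
        return False, "revoked: store withdrew runnable status"
    return True, "ok"


def demo() -> dict:
    notes = b"notes app v1.0"
    notes_sig = store_sign("com.example.notes", notes)
    light = b"flashlight v3"
    # Passed review with behaviour the reviewers did not notice: the gate
    # checks provenance and integrity, not what the code actually does.
    game = b"game v2.1 with behaviour the review missed"
    cases = {
        "signed": ("com.example.notes", notes, notes_sig),
        "sideloaded": ("com.example.notes", notes, None),
        "tampered": ("com.example.notes", notes + b" +patch", notes_sig),
        "revoked": ("com.example.flashlight", light,
                    store_sign("com.example.flashlight", light)),
        "vetted-but-rogue": ("com.example.game", game,
                             store_sign("com.example.game", game)),
    }
    return {name: may_run(*args)[0] for name, args in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} -> {'run' if allowed else 'blocked'}")
```

The last case is the one the gate cannot catch: only revocation after the fact removes it.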
Couple this to the cloud, where you have something similar: fewer options, determined by someone else, offered to you as a choice. The cloud is where resources can be allocated to protect your documents. With this mix you now have a model that feels increasingly boxed in for some folks, but is really quite liberating.
What this model does, as far as security is concerned, is move a large chunk of the risk to central, manageable locations: the app store gateway, and the cloud operations folks. Presumably these should protect their own turf, and by extension you, but that's a bit of a stretch and we know it won't always happen that way. I expect some significant issues with app stores and the cloud in the coming years, but I also anticipate that we'll wind up with this model widely adopted, and with significant security benefits to come. Imagine a world where Zeus and Koobface can't arbitrarily infect your computer. Threat vectors will change but never go away.
As for me, I use the cloud but I still use a general purpose OS on my netbook and laptop. I like to innovate, and a closed platform like the iPhone OS isn't supportive of that. That said, I'll probably ditch my iPhone when my renewal comes up; it's simply not exciting enough in terms of its innovation any more. Better apps are being written elsewhere.
Last modified: Friday, Apr 16, 2010 @ 02:35pm
copyright © 2002-2005 jose nazario, all rights reserved.