Log in

View Full Version : Achilles Heel in the Philosophy of Prometheus Boundless Security Paper


tHE mUTABLE
August 19th, 2008, 23:27
I've just released a new paper entitled "Achilles Heel in the Philosophy of Prometheus Boundless Security" at CodeBreakers-Journal or you can download a copy from my website at http://www.themutable.com (check the Publications section for a copy of the paper + POC), in which I present the security from philosophical perspective combining RCE, human factor (+ survey) and technology + POC (SC + Executable files) . I admit that it is not easy to understand and it does contain a lot of cryptic concepts that I developed on my own. It is not an easy process to fully elaborate on these ideas because it'll take me around 20 pages more to give a clear overview of what's going on behind each idea. More or less it is based on my experience with the inner and outer world in the security domain.

Here is a synopsis of the paper:

Abstract: This paper presents a semi-inclusive analysis of the current Black Box security and privacy breaches, taking into account human factor as information security involves both technology and people. Most of the problems in the security and privacy domain are of amalgamation nature, where there is no definitive embodiment of measuring the applicability of the security while the privacy is intact, especially without taking into consideration the human layer. This dispersion in the security and privacy area refers to many factors in the sphere of information distribution. Therefore, a philosophical approach will be emphasized concerning people compliance to the technology in general and to the way typical and competent end user sees the technology evolution and interaction, when a mutual symbiotic relationship should epitomize this correlation. An inductive/deductive reasoning called Shadowed Time Advancement (STA) and Probabilistic Mathematical Behavioral System (PMBS) are outlined in this paper to prove this problem by inspecting the difficulty of analyzing the system under assessment where in fact still a complete logical dissection of the outer/inner layout shell is pertinent. The degree of transparency in cyberspace is no longer valid in today’s ever mutant digital world. This can be shown by applying a heuristic attack by showing how the visibility medium is shadowed with time advancement. The fact that not all the companies consider people technology education as a must can be referred to the inconsistency in knowledge distribution. Knowing that people are anxious about the unknown, knowledge is the best counterattack against lack of knowledge; otherwise a self-destructive future will be imminent. Balance is what makes human aware of the evil spirit of this subversive world. In this paper a proof of concept is presented to show how a complete modification of an executable file could be carried out without detection.
Keywords— C++, Computer Science Philosophy, Human Factor, Privacy, Reverse Code Engineering, Security.

I hope you'll enjoy it. You are welcome for any comments, criticisms,...

Cheers,
M. F. Mokbel a.k.a tHE mUTABLE

upb
August 21st, 2008, 06:14
Hello.
Great paper, i have a question about a paragraph though.
On page 4, you state:
Code:

A monitoring matrix of scattered random modifications should
be traced to control these set of alterations so that a metatransformer
tool could be designed to handle it in automated
manner as a final revised edition. The main purpose of this
section is to demonstrate the validity of this approach
following a case study in which an absolute phase modulation
is applied.


And then the implementation contains those statements:
Code:


// String: Dashed text line removed, nopped...
char PH2[15] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
File3P.seekp(0x20B3);
File3P.write(PH2, 15);

Do these lines of code represent the Phase Modulation Monitoring Matrix ?

tofu-sensei
August 21st, 2008, 06:39
you should've gotten someone to proofread it for you before publishing it...

Maximus
August 21st, 2008, 16:24
uuuh...
Dont want to sound too rude, but you won't make philosophy by renaming already named things with a more 'philosophical' equivalent. Renamed things do not open new dimensions for philosophy.
It doesn't work this way, sorry.

Well, I would start wrenching out your 'new naming convention', all those high-born philosophical terms that hides the ...mmmh... "contents".

If you do really want to open a space for philosophy into IT Security, you should start by not cheating when writing articles that your Professor will take 'as is' because he doesnt really understand a dime about what you are talking about (and if he says he understand i... uhm... wonder...).

By the way, the real problem at the basis of whole IT Security is not the chart you did, but the 'impersonation' problem. And the chart is far more complex because it should include the problematic of virtual identities, which you totally forgot, and that is at the BASE of what you are talking about. Basically, THAT is the real problematic behind it.
The dangerous aspect of the injection is not the "Phase Modulation Monitoring Matrix" ( ) but [in a very general sense] the fact that something stole somehow the identity token for doing things that should not be allowed to.
Almost all security problematics come in this form at the end, except the ultra-secure and security tested Orace 10 which had EMPTY dacl for newly added level of IT Security [exceptions always exist].
The Security model you outline and apply to the general IT Security is not good, as it is just too general to be good for anything. I suggest you to delve a bit more into the subject (studying the Windows Security Model could help you alot to undersand better these problematics) before trying to carve a space for philosophy here.

Not that there isn't space for it. But you need to do much, much more to carve it, in my opinion. And if you want to pursue it, you'd better get a far better grasp of the IT Security problematics, that are far over the 'patching of an application', as you will discover understanding the real, deep details of the Windows/Linux Security Model (Windows one is very interesting for this btw).

tHE mUTABLE
September 3rd, 2008, 18:22
Thanks. Sorry for late reply.

Hi upb,

Yes, this is exactly an absolute Phase modulation, and when I say absolute I mean an unmodifiable set of monitoring matrix alterations which is programmed specifically for this target; it's a highly complex process to monitor these alterations dynamically and generically as it requires the use of OOP plus other advanced techniques (...). I've chosen my words carefully, please let me know if you still in doubt!

@tofu-sensei
"If you can read this, thank a teacher." by Anonymous Teacher.

@Maximus
Who said that? You welcome, anytime.... keep it up

upb
September 4th, 2008, 17:47
I must agree that using OOP for monitoring matrix construction can be cumbersome at times, but this obstacle can be relieved somewhat by using OOP plus SOA based RESTful services. The latter add value in vertical market segments while gradually allowing to deliver the best ROI to horizontal customer base.