CBOOP component identifiers

[b][red]This message was edited by 684867 at 2005-1-15 10:15:58[/red][/b][hr]
Component Identifiers in Microsoft's COM (Component Object Model) is insecure. Its greatest flaw is the CLSID and the lack of any authentication mechanism to prevent components from being spoofed by viruses, worms and other such beasts.

CBOOP will be more secure with a CLSID-like mechanism that provides
such authentication. Here, we choose to authenticate a class identity by using 128-bit fingerprints using crypto algorithms during compile time. These fingerprints can be authenticated at run time.

A component calling another would effectively call the component loader (op/sys). Then it would build a fingerprint of the component that is loaded and compare this fingerprint to the known (expected) fingerprint of the component. Thus, the loaded component cannot be spoofed by malware components.

Excellence Breeds! Go Hard or Go Home.

Let Penguins rule the earth.
Break some windows today.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!