Nine Security Measures


Did You Know

At the beginning of this activity, the AI recommended a total of nine measures, of which items 6 and 7 were noted. So far, you have used an example of item 6 from the list below; next, you will see an example of how item 7 can be addressed.

You might be thinking, “Why not just ask the AI to solve them all at once?” In general, it is better to add features to scripts incrementally, and development with AI is no exception. The user tried the all-in-one approach several times, but the AI gave so much weight to the security measures that the original features were no longer usable. So, at the time of this experiment, it made more sense to work through them one at a time. Working this way also made it easier to verify, between each step, that the script retained its original functionality.

ChatGPT

Loading and executing arbitrary code received from an external source, as in Module 2 (Receiver), can indeed pose security risks. To enhance the security of the system, you can implement several measures:

  1. Code Signing or Authentication:
    Sign the scripts on the sender side using a private key, and verify the signature on the receiver side using a corresponding public key. This ensures that only scripts signed with the correct key are executed.
  2. Whitelisting:
    Maintain a whitelist of allowed commands or functions that the script is allowed to use. Only permit execution of scripts that adhere to this whitelist.
  3. Input Validation:
    Validate the incoming scripts for adherence to a predefined structure. This could include checking for the presence of required functions, specific comments, or any other indicators of a valid script.
  4. Use of Sandboxing:
    Execute the received scripts in a restricted environment or sandbox to limit their access to system resources. The exec() function in Python provides limited isolation, but more robust solutions like Python's ast module can be used to parse and validate the script.  (It would be nice to add ast, but due to size constraints, the micro:bit is not able to import it!)
  5. Limit Execution Time:
    Set a maximum execution time for the scripts to prevent potential denial-of-service attacks or infinite loops. Terminate the script if it exceeds the allowed time.
  6. Encryption:
    Encrypt the communication between the sender and receiver to prevent eavesdropping or unauthorized interception of the scripts.
  7. Access Control and Isolation:
    Utilize micro:bit's communication features such as channel, group, and address settings to restrict communication to specific devices or groups. This helps isolate the micro:bit from unauthorized interactions, enhancing the overall security of script updates.
  8. Authentication and Authorization:
    Implement a secure authentication mechanism to ensure that only authorized senders can communicate with the receiver. Additionally, enforce proper authorization to control which scripts can be executed.
  9. Error Handling:
    Improve error handling in the execution of scripts. Provide meaningful error messages without revealing sensitive information that could be exploited.
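
Measures 2, 3 and 9 from the list above, as an added example that is not part of the original page or of the ChatGPT reply: a check run on a received script before it reaches exec(), written with string operations only because the page notes the micro:bit cannot import ast. The header line, required function, size limit, allowed names and error codes are assumptions; this is a filter in front of exec(), not a sandbox.

```python
# Added example: pre-exec checks for a received script, without the ast module.
# REQUIRED_HEADER, REQUIRED_FUNC, MAX_LEN and ALLOWED_NAMES are assumptions.
REQUIRED_HEADER, REQUIRED_FUNC, MAX_LEN = "# update-v1", "def run():", 400
ALLOWED_NAMES = {"def", "run", "for", "in", "range", "i", "if", "else",
                 "return", "display", "show", "scroll", "sleep"}

def names_in(script):
    """Words outside strings/comments, or None if scanning is unsafe."""
    names = []
    for line in script.split("\n"):
        word, quote = "", None
        for ch in line + " ":            # trailing space flushes the last word
            if quote:                    # inside a string literal: skip content
                if ch == quote:
                    quote = None
            elif ch in "'\"":
                if word:
                    return None          # prefixed literal such as f"..."
                quote = ch
            elif ch == "#":
                break                    # rest of the line is a comment
            elif ch.isalpha() or ch.isdigit() or ch == "_":
                word += ch
            elif word:
                names.append(word)
                word = ""
        if quote:
            return None                  # unterminated string literal
        if word:
            names.append(word)           # word cut off by a comment
    return names

def validate(script):
    """Return (ok, code). Codes are generic so they reveal little (measure 9)."""
    if (len(script) > MAX_LEN or REQUIRED_FUNC not in script
            or not script.startswith(REQUIRED_HEADER + "\n")):
        return (False, "E1")             # measure 3: wrong structure
    # Reject what the simple scanner cannot follow: escapes, triple quotes,
    # control characters and non-ASCII text (fail closed).
    if ("\\" in script or '"""' in script or "'''" in script
            or any(ord(c) > 126 or (c < " " and c != "\n") for c in script)):
        return (False, "E2")
    names = names_in(script)
    if names is None:
        return (False, "E2")
    if any(not n.isdigit() and n not in ALLOWED_NAMES for n in names):
        return (False, "E3")             # measure 2: name outside the allowlist
    return (True, "OK")

GOOD = "# update-v1\ndef run():\n    display.scroll('import os')\n    sleep(500)\n"  # constructed
BAD = "# update-v1\ndef run():\n    import os\n"                                   # constructed
```

GOOD passes even though its string literal contains the words "import os", because text inside quotes is data; BAD is refused because `import` appears as code.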