
Safest communication method between applications on same machine

What is the safest communication method between two applications on the same machine, both Java and C/C++ clients with a Java server?

Are SSL sockets safe enough, or can they be broken by "man in the middle" attacks?

The main concern here is how the clients can trust the local server.

Would introducing a remote server improve the security of the local communication and how can this be achieved?

Radu asked Jan 22 '23 02:01


2 Answers

You need to elaborate your threat model. It's a general truism that anyone with physical access to your hardware, motivation and sufficient time will be able to subvert anything. This goes double if that attacker happens to be an admin on the server.

And yes, anything that is in your code is readable with admin access. You can try clever tricks like encrypting or obfuscating a password stored in binaries/JAR files, but this is a hindrance, not an absolute barrier.

Again, on the other side, there are no absolute barriers for confidentiality, merely more or less efficient obstructions. Whatever your measure, whatever the strength of your encryption and key management, with enough time and incentives, anything will yield. Which returns us to my first point: what is your threat model (what attacks do you wish to protect against); how much are your protected assets worth; and whom and what do you trust?

Pontus Gagge answered Jan 24 '23 16:01


Safe from what? If an attacker has root, they can subvert system calls and spy on memory buffers before encryption and after decryption, and nothing you can do is safe.

If an attacker does not have root, they can't see this information even if you don't encrypt it.

So I don't see a point to this.

bmargulies answered Jan 24 '23 14:01