Peter Firmstone wrote:
...
> The assumption I've made is, it will be very difficult for an attacker
> to predict when a thread will access a method on the delegate, then
> later, be called by that very same thread, so his class can call the
> delegate unchecked. Any thoughts on this? Am I overlooking something?
...
To win the overall game, a security system needs to block every single
attempt at breaking the rules.
An attacker only needs to have some chance of single try success and a way
of causing repeated attempts until one succeeds. Assuming independence,
an attacker with a probability p of single try success gets a
probability t of at least one success in log(1-t)/log(1-p) tries.
For example, it takes less than 700,000 attempts to get a 50% chance of
at least one attempt succeeding, given a one in a million chance for a
single attempt.
If you can enforce upper bounds on both the number of attempts and the
probability of each attempt succeeding, it may be possible to show that
the overall probability of successful attack is low enough to ignore.
Patricia
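
The arithmetic in the message above, as an added example that is not part of the original post: it computes the number of tries from log(1-t)/log(1-p) and, for the final paragraph, the largest attempt budget that keeps the overall success probability under a chosen limit. The function names and the 1-in-1000 risk limit are assumptions made for illustration; independence of attempts is assumed, as in the message.

```python
import math


def tries_for_success(p: float, t: float) -> int:
    """Smallest n with 1 - (1 - p)**n >= t, i.e. n >= log(1-t)/log(1-p)."""
    if not (0.0 < p < 1.0 and 0.0 < t < 1.0):
        raise ValueError("p and t must lie strictly between 0 and 1")
    # log1p(-x) equals log(1 - x) but stays accurate for tiny x. A naive
    # math.log(1 - p) returns 0.0 once p drops below about 1e-16, and the
    # division then fails, which is exactly the regime a defender hopes for.
    return math.ceil(math.log1p(-t) / math.log1p(-p))


def overall_success(p: float, n: int) -> float:
    """Probability of at least one success in n independent tries."""
    return -math.expm1(n * math.log1p(-p))


def max_attempts(p_bound: float, acceptable_risk: float) -> int:
    """Largest number of attempts that keeps overall success probability
    at or below acceptable_risk, given an upper bound on per-try success."""
    if not (0.0 < p_bound < 1.0 and 0.0 < acceptable_risk < 1.0):
        raise ValueError("bounds must lie strictly between 0 and 1")
    return math.floor(math.log1p(-acceptable_risk) / math.log1p(-p_bound))


if __name__ == "__main__":
    p = 1e-6  # one-in-a-million single-try chance, the figure from the message
    n = tries_for_success(p, 0.5)
    print(f"tries for a 50% chance at p={p}: {n}")
    print(f"overall success after {n} tries: {overall_success(p, n):.7f}")

    # Constructed policy figure: tolerate at most a 1-in-1000 overall risk.
    budget = max_attempts(p, 1e-3)
    print(f"attempt budget for <=0.1% overall risk: {budget}")
    print(f"overall success at that budget: {overall_success(p, budget):.7f}")
```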
