Jun 6, 2009

Secure Exception Handling

Exception handling is an important part of building a secure application. Developers are often asked to pay close attention to the security context in which an exception handler executes, so that the application stays as robust as possible from both a performance and a security point of view. The reason I mention this is a little ATM incident yesterday, where a friend's debit card was swallowed by the ATM in the middle of a transaction. After my buddy had inserted his bank card and entered his PIN and withdrawal request, the ATM crashed, leaving a big red screen stating that the machine was out of order. After 3-4 minutes, while my friend was on the phone with the bank's customer service, the machine restarted and worked as expected again.

So what happened?
Based on the above observations, it seems that the generic exception handler in the ATM tells the machine to void the transaction and keep the card. There's nothing wrong with that. In fact, it is the most secure way to fail an operation when you don't know what caused the failure: when in doubt, keep the card and the money. The flaw in this ATM lies elsewhere: the distance between the code that raises the exception and the handler that catches it is too great. By the time a catch-all handler at the top of the program sees the exception, the context that would tell it whether the failure is recoverable (a host timeout that can safely be retried, a declined request that only needs the card returned) is gone, so the handler can only take the most drastic action. This is where robustness fails and legitimate customers get pissed off. :)
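To make the point concrete, here is an added example (mine, not code from the original post or from any real ATM vendor) that puts a catch-all handler far from the raising code next to a version that handles the expected failures where the context still exists and lets only the unknown ones fall through to the fail-secure default. The bank host, the exception types and the outcomes are all hypothetical stand-ins, and the host's behaviour is scripted so the code runs offline.

```python
"""Added example, not from the original post. All names are hypothetical."""
from enum import Enum


class Outcome(Enum):
    DISPENSED = "cash dispensed, card returned"
    DECLINED = "transaction declined, card returned"
    VOIDED_CARD_RETAINED = "transaction voided, card retained"


# Hypothetical failure types the authorization step can raise.
class HostTimeout(Exception):
    """The bank host did not answer; in this constructed host nothing was committed."""


class InsufficientFunds(Exception):
    """The host answered and declined the request."""


class FakeBankHost:
    """Constructed stand-in for the bank host: replays a scripted list of results.

    Each script entry is either an exception instance (raised) or an
    authorization code (returned). Requests are recorded for inspection.
    """

    def __init__(self, script):
        self._script = list(script)
        self.requests = []

    def authorize(self, card, amount):
        self.requests.append((card, amount))
        step = self._script.pop(0)
        if isinstance(step, Exception):
            raise step
        return step


def atm_naive(host, card, amount):
    """Handler far from the source: every failure, known or not, eats the card.

    This is the behaviour the post describes: the handler has no idea what went
    wrong, so it takes the most drastic fail-secure action for all failures.
    """
    try:
        auth = host.authorize(card, amount)
        return Outcome.DISPENSED, auth
    except Exception:
        return Outcome.VOIDED_CARD_RETAINED, None


def atm_layered(host, card, amount, retries=2):
    """Handlers close to the source, fail-secure default for the rest.

    The timeout and the decline are handled where we still know what operation
    failed and what state it left behind; only an unexpected exception reaches
    the outer catch-all, which keeps the conservative 'void and retain' policy.
    """
    try:
        for attempt in range(retries + 1):
            try:
                auth = host.authorize(card, amount)
                return Outcome.DISPENSED, auth
            except HostTimeout:
                # Retrying is safe here only because the constructed host fails
                # before accepting the request; a real system would need a
                # reversal or idempotent request id before retrying.
                if attempt == retries:
                    return Outcome.DECLINED, None
                continue
            except InsufficientFunds:
                # Expected business outcome: decline, but give the card back.
                return Outcome.DECLINED, None
    except Exception:
        # Unknown failure (e.g. a dispenser fault): state is unknown, fail secure.
        return Outcome.VOIDED_CARD_RETAINED, None


if __name__ == "__main__":
    card, amount = "4111-TEST", 20  # constructed inputs
    for label, fn in (("naive", atm_naive), ("layered", atm_layered)):
        host = FakeBankHost([HostTimeout(), "AUTH-001"])
        print(label, fn(host, card, amount), "requests:", len(host.requests))
```

The naive version turns a single recoverable timeout into a swallowed card, exactly the experience described above; the layered version retries once, dispenses, and still retains the card when something it does not understand (here a `RuntimeError` standing in for a hardware fault) bubbles up.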
