Into the Black Box: A Case Study in Obtaining Visibility into Commercial Software

Abstract

We were recently involved with a project that faced an interesting and not uncommon dilemma. The project needed to programmatically extract private keys and digital certificates from the Netscape Communicator v4.5 database. Netscape documentation was inadequate for us to figure out how to do this. As it turns out, this inadequacy was intentional Netscape was concerned that releasing this information might possibly violate export control laws concerning encryption technology. Since our interest was in building a system and not exporting cryptographic technology, we decided to further investigate how to achieve our objectives even without support from Netscape. We restricted ourselves to the use of Netscape provided code and documentation, and to information available on the Web. Our objective was to build our system, and to provide feedback to Netscape on how to engineer their product to provide the capability that we (and others) need, while not making the product vulnerable or expose the vendor to violations of export control laws. This paper describes our experiences peering into the black box.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 1999
Accession Number
ADA367147

Entities

People

  • Daniel Plakosh
  • Kurt C. Wallnau
  • Scott A. Hissam

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Case Studies
  • Coding
  • Computer Programs
  • Cryptography
  • Cybersecurity
  • Databases
  • Decoding
  • Electronic Mail
  • Engineering
  • Export Controls
  • Exports
  • Homosexuality
  • International Trade
  • Security
  • Software Development
  • Standards
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Geospatial Intelligence and Artificial Intelligence Analytics
  • Theoretical Analysis.