you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...
furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..
IMHO this is huge and most people don't get it!
Can't a gateway's "superadmin" powers be stolen? Someone hacks the gateway's BTS account and sends themselves everyone's IOUs, then dumps them on the market and runs off with the loot. Wouldn't it be safer if gateways didn't have superadmin powers, as those powers effectively mean the IOUs are all held by the issuing gateway, which is the same security risk they have today?
The gateway already holds all the real fiat, so they already have effective control over the IOUs (they can choose not to honor them at any time). It would be quite easy to have a "failsafe" system in place, so if someone gets control of the issuing key and seizes all funds to their account, then a different server can be ready to freeze the market with another copy of the same key.
The issuing key can't really be used to protect against individual theft though. If someone manages to steal your IOUs you can bet they will dump them on the market for bitassets the very next block. Unless you react within 10 seconds of the theft your money is permanently gone.
IIRC the plan is to not need the issuer/superadmin key(s) (also with multisig) for operations .. so you can put them in cold storage
//edit: hmm .. rereading BM's post I am not so sure if I am correct with the assumption that the gateway PROCESSES the orderbook... however I think this should and needs to be the case as trading GATEUSD for bitUSD will change ownership of GATEUSD and as the GATEWAY has to know their shareholders (of GATEUSD) they need to control the execution of the order book ...
to me it is currently unclear how the "order book" of gatewayUSD<->bitUSD will work...
@Bytemaster could you please enlighten us here?
edit2:
it seems I have misunderstood the concept. The orderbook is processed by bitshares and not the gateway .. the gateway has to follow the law KYC/AML when doing gatewayUSD<->USD .. and obviously cannot know all the holders of their IOUs (maybe not required, in contrast to stock).
anyway .. the IOUs are OWNED by the users and their private keys and cannot be stolen by a hacker (at least not from a centralized service) ..
trading to bitUSD can be done in the dec. exchange
the amount of IOUs issued should be equal to the amount of USD deposited by customers .. and should be destroyed on fiat withdrawals ..
that means that the issuer/admin key is required for operations ...
a hacker thus could gain access to that key ... although the key could practically be located ANYWHERE and not on a known server/network ...
once a hacker gained access to the issuer key new IOUs could be issued and traded against bitUSD ... that would effectively equal stealing of funds ... although it could go even worse as the IOUs could potentially be created up to the max supply ... so EVEN more IOUs could be dumped than there should be (hacking bitstamp can give you access to all BTC they OWN .. that is different in bitshares) ..
so what we need is a gateway that has issued some IOUs and stores them in a hot wallet .. the issuer key should be stored in cold storage ..
that way a hacker cannot (easily) gain access to the issuer key but could gain access to the hot wallet ..
THOUGH, still the hot wallet could be managed from ANYWHERE .. (imho that is the only big advantage) .. maybe I am wrong somewhere again ..
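The key split argued for above (issuer key in cold storage, a pre-issued float in a hot wallet) can be checked with a small model of the blast radius each key carries. The following Python is a constructed illustration added here; it is not BitShares code and not code from anyone in the thread. The ledger rules, the account names (gateway-cold, gateway-hot, alice, thief, market), the asset amounts and the max supply are all assumptions; it also follows the point made earlier that a thief dumps the stolen IOUs in the very next block, so the freeze arrives too late for that float.

```python
from dataclasses import dataclass, field


class LedgerError(Exception):
    """Raised when an operation is not authorised or violates asset rules."""


@dataclass
class IOULedger:
    """Constructed toy ledger for one gateway IOU asset (hypothetical 'GATEUSD').

    The issuer key plays the thread's 'superadmin' role: it can mint up to
    max_supply, freeze an account and claw back (revert) a balance. Every other
    key can only spend the balance it owns, mirroring the point that IOUs are
    owned by the users' private keys. All rules here are assumptions."""
    issuer: str
    max_supply: int
    supply: int = 0
    balances: dict = field(default_factory=dict)
    frozen: set = field(default_factory=set)

    def _require(self, cond, msg):
        if not cond:
            raise LedgerError(msg)

    def issue(self, signer, to, amount):
        self._require(signer == self.issuer, "issue needs the issuer key")
        self._require(0 < amount and self.supply + amount <= self.max_supply,
                      "would exceed max supply")
        self.supply += amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, signer, to, amount):
        # A transfer is signed by the key of the account being debited.
        self._require(signer not in self.frozen, "account is frozen")
        self._require(0 < amount <= self.balances.get(signer, 0), "insufficient balance")
        self.balances[signer] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def freeze(self, signer, account):
        self._require(signer == self.issuer, "freeze needs the issuer key")
        self.frozen.add(account)

    def revoke(self, signer, account):
        """Claw back whatever the account still holds; returns the amount burned."""
        self._require(signer == self.issuer, "revoke needs the issuer key")
        amount = self.balances.pop(account, 0)
        self.supply -= amount
        return amount


def issuer_key_exposure(ledger):
    """Worst case if the issuer key leaks: everything up to max_supply can be minted."""
    return ledger.max_supply - ledger.supply


def hot_wallet_exposure(ledger, hot_wallet):
    """Worst case if only the hot-wallet key leaks: the pre-issued float it holds."""
    return ledger.balances.get(hot_wallet, 0)


def run_scenario():
    """Constructed deployment: 1,000 IOUs backed by deposits, 200 of them parked
    in the hot wallet. The hot-wallet key leaks and the float is dumped at once."""
    led = IOULedger(issuer="gateway-cold", max_supply=1_000_000)
    led.issue("gateway-cold", "gateway-hot", 200)   # operational float
    led.issue("gateway-cold", "alice", 800)         # customer deposits
    issuer_exp = issuer_key_exposure(led)
    hot_exp = hot_wallet_exposure(led, "gateway-hot")

    led.transfer("gateway-hot", "thief", 200)   # hot-wallet key compromised
    led.transfer("thief", "market", 200)        # dumped in the next block
    led.freeze("gateway-cold", "thief")         # cold key reacts, but too late
    clawed = led.revoke("gateway-cold", "thief")

    return {
        "issuer_key_exposure": issuer_exp,
        "hot_wallet_exposure": hot_exp,
        "lost_to_dump": led.balances["market"],
        "clawed_back_late": clawed,
        "customer_balance_intact": led.balances["alice"],
        "supply_unchanged": led.supply,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The two exposure figures are the point: a leaked hot-wallet key is bounded by the float the gateway chose to pre-issue, while a leaked issuer key is bounded only by the asset's max supply, which is why the thread wants the issuer key offline and the float small.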