Monday, May 08, 2006

Computer Security - The Next 50 Years

Security and validation are critical issues in computing, and the next fifty years will be harder than the last. There are a number of proven programming techniques and design approaches which are already helping to harden our modern systems, but each of these must be carefully balanced with usability in order to be effective. In this talk, Alan Cox, fellow at Red Hat Linux, explores the future of what may be the biggest threat facing software engineers, the unverified user.

The well-meaning user, often an employee of the company, represents a particular threat to computer systems because they work within the security perimeter and must be handled gently. Software developers are beginning to build some established security techniques into their code in order to protect the system from malicious exploits and well-intentioned blunders. For example, some tools in the GCC compiler can now detect buffer overflows which no amount of code gazing had revealed before. Modularity, variation, and randomization of memory, file handles or process IDs can also help limit the spread of exploits. Breaking systems into components means that discrete rules can be imposed in order to limit the tasks which different pieces can execute. This approach could, for example, be used to define the allowable actions of an image viewer very precisely, reducing the possibility that the viewer could be hijacked to spawn a shell for malicious intent. Separation of secrets is another helpful concept. For example, a Bluetooth phone can work very well as a remote security device for user verification.

No matter how good our prevention methods get, Cox argues we must understand ways to mitigate attacks. Flaws in software are inevitable, and bound to grow given the complexity and ever more rapid development cycles. A current emphasis in Red Hat's Security-Enhanced Linux (SELinux) is to defend against the user as a point of vulnerability to viruses and spyware. The computer can be taught to enforce security policies that the users themselves are unlikely to uphold, given their propensity to ignore advisories and software dialog boxes. Software engineers must build in security that is active by default, and they must understand the user so that security tools are actually used. If security thwarts the users or makes them stop and answer hard questions, the users will inevitably bypass even the strongest security measures.

Source: http://www.itconversations.com/shows/detail869.html

