Resilient Cyber Security and Privacy Butler Lampson Microsoft Research Cyberforum April 7, 2015.

Slides:



Advertisements
Similar presentations
1 Accountability and Freedom Butler Lampson Microsoft September 26, 2005.
Advertisements

Creating the Ultimate Online Customer-Service Experience Stefan Beeli, Vice President ESP Computer Services Choosing the proper level of Technology A look.
Part I: Making Good Online Choices
Five Steps in 5 Minutes Close deals faster, more easily, more often! 1.Start a Quote: Input deal amounts and review the available lease options 2.Create.
Digital Disasters Laura M Cyberbulling Digital Reputation Identity Theft Offensive or Illegal Content Sexting Unwanted Contact.
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
1 Operating System vs. Network Security Butler Lampson Microsoft Outline What security is about Operating systems security Network security How they fit.
SECURITY CHECK Protecting Your System and Yourself Source:
Netiquette Rules.
1 Accountability and Freedom Butler Lampson Microsoft October 27, 2005.
Computer Viruses.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
 Communicating with friends is now easier than ever, for example on Facebook you can connect with all your friends and chat to them very easily and instantly.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Digital Citizenship By Bhavna. Plagiarism Plagiarism is illegal and can get you arrested. If a teacher finds out you used plagiarism he/she can fail you.
Social impacts of the use of it By: Mohamed Abdalla.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Nine Elements of Digital Citizenship BH. Nine elements is identified to create a digital citizenship. Digital Access: full electronic participation in.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
What is Architecture  Architecture is a subjective thing, a shared understanding of a system’s design by the expert developers on a project  In the.
Information Security and YOU!. Information Assurance Outreach Information Security Online Security Remote Access with Demonstration The Cloud Social.
FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.
CS CS 5150 Software Engineering Lecture 18 Security.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS). SELECT AND USE APPROPRIATE METHODS TO MINIMISE SECURITY RISK TO IT SYSTEMS AND DATA 1.1 I can describe.
Chloe Miles IMPROVING PRODUCTIVITY USING IT. Menu Using Word Advantages Disadvantages Conclusion E-Safety Social Media Dangers of Social Media Sites Staying.
Digital Citizenship Grade Why are we here and what is Digital Citizenship? Part 1: What is Private Online? Part 2: Passwords Part 3: Responsibilities.
100 Internet Safety Jeopardy Social Network Sites Online Shopping Words & Pictures Cyber- bullying Internet Scams.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Kamran Didcote.
Topic 5: Basic Security.
Mario Čagalj Sveučilište u Splitu 2014/15. Sigurnost računala i podataka.
Using LastPass. Great password management is impossible w/o a great tool Auto-fill (hands-free login) will save you approximately one hour per month You.
Security: The Goal Computers are as secure as real world systems, and people believe it. This is hard because: Computers can do a lot of damage fast. There.
ISPAB Panel on Usable Security Mary Frances Theofanos - NIST Ellen Cram Kowalczyk - Microsoft.
Lecture 1 Page 1 CS 236 Online What Are Our Security Goals? CIA Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.
SAFEGUARDING YOUR ASSETS AND PREVENTING FRAUD
Virus Assignment JESS D. How viruses affect people and businesses  What is a virus? A computer virus is a code or a program that is loaded onto your.
Unit 2 Assignment 1. Spyware Spyware is a software that gathers information about a person or site and uses it without you knowing. It can send your information.
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Personal Control of Your Data Butler Lampson August 8, 2013.
YEAR 6’S GUIDE TO STAYING SAFE ON THE INTERNET. CHATTING When you are chatting to people online, try not to give out any personal information about yourself.
FERPA & Data Security:FERPA & Data Security: Passwords and Authenticators.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Social Impacts of IT: P6 By André Sammut. Social Impacts IT impacts our life both in good ways and bad ways. Multiplayer Games Social Networks Anti-social.
The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.
Information Security, Theory and Practice.
how to prevent them from being successful
Accountability and Freedom
Impact of IT Consumerisation on Enterprise Security
Information Security 101 Richard Davis, Rob Laltrello.
Schneider Symposium on Trustworthiness
Richard Purcell Corporate Privacy Officer Microsoft Corporation
Other Sources of Information
INFORMATION SYSTEMS SECURITY and CONTROL
Lecture 5: Beyond Threats
Mohammad Alauthman Computer Security Mohammad Alauthman
Cybercrime By: Kimberly Foreiter
Presentation transcript:

Resilient Cyber Security and Privacy Butler Lampson Microsoft Research Cyberforum April 7, 2015

Security: What we know how to do nSecure something simple very well nProtect complexity by isolation and sanitization nStage security theatre What we don’t know how to do nMake something complex secure nMake something big secure nKeep something secure when it changes o “When it comes to security, a change is unlikely to be an improvement.” —Doug McIlroy nGet users to make judgments about security

Lots of hype nNot much hard evidence of actual harm o As opposed to scare stories and uneasiness o Ex: Scale of identity theft, losses from cybercrime nMost numbers come from interested parties o who are in business to sell you security stuff nRarely, we see business decisions backed by data o Verifying credit card transactions nMost costs are in prevention, not in harm

Approaches to rational security nLimited aspirations o In the real world, good security means a bank vault ▬ There’s nothing like this in most computer systems o Requires setting priorities—what’s really important nRetroactive security o React, don’t anticipate—work on actual problems o Deterrence and undo rather than prevention ▬ Deterrence needs punishment ▬ Punishment needs accountability

Deterrence, punishment, accountability nReal world security is retroactive, about deterrence, not about locks nOn the net, can’t find bad guys, so can’t deter them nFix? End nodes enforce accountability o Refuse messages that aren’t accountable enough ▬ or strongly isolate those messages o Senders are accountable if you can punish them ▬ With dollars, ostracism, firing, jail,... nAll trust is local 518 March 2016Lampson: Retroactive Security

nPartition world into two parts: o Green: More safe/accountable o Red : Less safe/unaccountable nGreen world needs professional management Limiting aspirations: Red | Green Less valuable assets My Red Computer N attacks/year on less valuable assets More valuable assets My Green Computer More valuable assets m attacks/year on more valuable assets N attacks/yr m attacks/yr (N >> m) Less trustworthy Less accountable entities More trustworthy More accountable entities

What about bugs? Control inputs nBugs will always subvert security o Can’t get rid of bugs in full-function systems ▬ There’s too much code, changing too fast ▬ Timeliness and functionality trump security nA bug is only dangerous if it gets tickled o So keep the bugs from getting tickled o Bugs get tickled by inputs to the program o So refuse dangerous inputs ▬ or strongly isolate or sanitize those inputs nTo control possible inputs, isolate the program o Airgap, VM, process isolation, sandbox

Privacy: Personal control of data nYou are empowered to control your data o Find it, limit its use, claim it o Everywhere—Across the whole internet o Anytime, not just when it’s collected o Consistently for all data handlers and devices o Remaining anonymous if you wish

Personal control of data: Mechanisms nIdeal: All your data is in a vault you control o I bring you a query o If you like the query, you return a result ▬ Otherwise you tell me to go away nPractical: Data has metadata tag: link to policy o Two kinds of players: ▬ Agents you choose—like an provider Personal Agent on your device Policy Service online ▬ Data handlers, subject to regulation Anyone who handles your data and follows the rules Must fetch and obey your current policy

How it works NID+ is the metadata You are in control Regulator makes rules Data items:... Handler h Your agent Identity: NID data, NID+→ (3) Get policy NID→  data items (4) Claim data (2) Provide data  handler,type,NID Y/N→ (1) Set policy Policy: →Y/N... Your policy service

Policy nData-centric, not device or service centric o Metadata stays with the data, points to data’s policy nStandard policy is very simple o 7 ± 2 types of data: contact, location, transaction,... ▬ Can extend a type with an optional tree of subtypes o Basic policy: handler h can/can’t use data type t nOne screen shows most policies (in big type) o Templates (from 3 rd parties) + your exceptions nEncode complex policy in apps o An app is a handler that tags its output suitably

Conclusions nRational security o Limited aspirations ▬ Red | Green o Retroactive security ▬ React—work on actual problems ▬ Deterrence and undo over prevention nPersonal control of data o Data tagged with metadata: a link to your policy o Handlers must obey policy

Backup

Access Control 1.Isolation boundary limits attacks to channels (no bugs) 2.Access Control for channel traffic 3.Policy management Resource / Object Guard / Reference monitor Request Agent / Principal Authorization Audit log Authentication 1. Isolation boundary 2. Access control Policy 3. Policy Sink Source Host (CLR, kernel, hardware, VMM,...) March 2016Lampson: Retroactive Security

Incentives nPerceived threat of harm, or regulation o Harm: loss of money or reputation o For vendors, customer demand, which is weak nPerception is based on past experience o not on possible futures o because too many things might go wrong o and you’ll have a different job by then nRegulation is a blunt instrument o slow, behind changing technology and threats o expensive o prone to unintended consequences. o But it can work. Ex: US state laws on PII disclosure

Are people irrational? No nGoals are unrealistic, ignoring: o What is technically possible o What users will actually do o Conflicting desires for ▬ security, anonymity, convenience, features nActual damage is small o Evidence of damage is weak o Hence not much customer demand nIncentives are lacking o Experience trumps imagination o Convenience trumps security o Externalites: who benefits ≠ who pays

What is technically possible? nSecurity requires simplicity nMost processes add complexity o SSL/TLS recently discovered bugs o EMV chip-and-PIN system o Windows printing system o SET “standard” for internet credit card transactions n“Too complex” is a judgment call o Why? No good metrics for complexity or security o So desire outruns performance

What will users actually do? nWhat gets the job done o Disabling or evading security in the process nWhat is easy o 2-factor auth for banking → password + device ▬ But in Norway, one time passwords for banking nWhat works everywhere o For security, that’s nothing o So “educating” users doesn’t work nWhat solves a problem they (or a friend) actually had n“If you want security, you must be prepared for inconvenience.” —Gen. Benjamin W. Chidlaw, 1954

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.