Designed-in Security: Some Major Challenges
Richard A. Kemmerer
Security Group, Department of Computer Science, University of California, Santa Barbara
Trustworthy Cyberspace, May 25, 2011
Four Major Challenges
Application-specific flaws
– How do we write a specification for “there are no application-level flaws”?
Dynamic monitoring
– How do we design-in an after-deployment environment?
Privacy
– How do we help users understand the privacy implications of their actions?
Human in the loop
– How do we design-in protection against user errors?
Application-level flaws
Need to go beyond simple input vulnerabilities
– e.g., SQL injections, cross-site scripting
– Software/web framework could check for these
Need to understand more complex vulnerabilities that are specific to a particular application
– e.g., applying a discount multiple times or getting an item for free from Amazon
– How can these be designed-in?
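The discount example on this slide is the kind of flaw a framework's input checks cannot see: every request is well-formed, yet the application's own rule ("one coupon per order") is never enforced. The following is an added illustration, not code from the slides or from any real shop; the Order class, the coupon table and the prices are constructed. It shows the rule missing beside the same operation with the invariant designed in as an explicit check, and a small harness that resubmits one valid request several times to test the invariant.

```python
"""Application-level logic flaw: a coupon that can be applied repeatedly.

Added example (not from the slides). The shop, coupon codes and prices are
constructed; the point is that input validation alone (no SQL injection, no
XSS) does not catch a flaw in the application's own rules.
"""
from dataclasses import dataclass, field


@dataclass
class Order:
    subtotal_cents: int
    discounts_cents: list = field(default_factory=list)
    coupons_used: set = field(default_factory=set)

    def total_cents(self) -> int:
        return max(0, self.subtotal_cents - sum(self.discounts_cents))


# Constructed coupon table: code -> discount in cents.
COUPONS = {"SAVE10": 1000, "WELCOME": 2500}


def apply_coupon_vulnerable(order: Order, code: str) -> int:
    """Validates the input (code must exist) but not the application rule
    that a coupon may be used once per order. Resubmitting the same request
    drives the total to zero: the 'item for free' flaw from the slide."""
    if code not in COUPONS:
        raise ValueError("unknown coupon")
    order.discounts_cents.append(COUPONS[code])
    return order.total_cents()


def apply_coupon_hardened(order: Order, code: str) -> int:
    """Same input validation plus the application-level invariant, designed
    in as an explicit check: each coupon code is applied at most once and
    the combined discount never exceeds the subtotal."""
    if code not in COUPONS:
        raise ValueError("unknown coupon")
    if code in order.coupons_used:
        raise ValueError("coupon already applied to this order")
    if sum(order.discounts_cents) + COUPONS[code] > order.subtotal_cents:
        raise ValueError("discount exceeds order value")
    order.coupons_used.add(code)
    order.discounts_cents.append(COUPONS[code])
    return order.total_cents()


def resubmit_total(apply, subtotal_cents: int, code: str, times: int) -> int:
    """Test harness: submit the same coupon request `times` times, ignoring
    rejections, and return the final total. The invariant holds only if the
    total after many submissions equals the total after one."""
    order = Order(subtotal_cents)
    for _ in range(times):
        try:
            apply(order, code)
        except ValueError:
            pass
    return order.total_cents()


if __name__ == "__main__":
    print("vulnerable:", resubmit_total(apply_coupon_vulnerable, 3000, "SAVE10", 5))  # 0
    print("hardened:  ", resubmit_total(apply_coupon_hardened, 3000, "SAVE10", 5))   # 2000
```

The hardened version is only as good as the invariant the developer wrote down; the slide's open question is how to specify such invariants so that a framework or verifier could check them, rather than relying on each team to remember them.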
Dynamic Monitoring
Cannot statically prove the absence of all bugs
Need an environment where systems can be continuously monitored after deployment
– This environment needs to maintain/guarantee properties that were assumed during the development process
– How is this after-deployment monitor designed-in during development?
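One concrete shape such an after-deployment monitor can take is a runtime checker that replays the system's event stream against a property the developers assumed. The block below is an added example, not code from the slides; the event format, the session ids and the property itself are constructed. The property is "a session performs checkout only after a successful login, and logout invalidates the session until the next login", encoded as a small per-session state machine; any event with no transition from the current state is reported as a violation.

```python
"""Post-deployment monitor that checks a property assumed during development.

Added example (not from the slides). The event format, the session ids and
the monitored property are constructed for illustration.
"""
from typing import Dict, List, Tuple

# Constructed event stream in "timestamp session event" form, as a log
# shipper might deliver it. Session s2 checks out without ever logging in;
# session s1 checks out again after logging out.
SAMPLE_EVENTS = """\
1000 s1 login
1001 s1 checkout
1002 s2 checkout
1003 s1 logout
1004 s1 checkout
1005 s3 login
1006 s3 logout
"""


def parse_events(text: str) -> List[Tuple[int, str, str]]:
    """Parse lines into (timestamp, session, event). Malformed lines are
    skipped rather than raising: the monitor has to keep running."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        events.append((int(parts[0]), parts[1], parts[2]))
    return events


# Per-session state machine: state -> {event: next_state}. An event with no
# transition from the current state violates the assumed property.
TRANSITIONS = {
    "anon": {"login": "authed"},
    "authed": {"checkout": "authed", "logout": "anon"},
}


def monitor(events: List[Tuple[int, str, str]]) -> List[str]:
    """Drive one state machine per session and return one alert per
    violation. The session keeps its current state after a violation so
    that later legitimate events are still judged against the right state."""
    state: Dict[str, str] = {}
    alerts: List[str] = []
    for ts, session, event in events:
        current = state.get(session, "anon")
        nxt = TRANSITIONS[current].get(event)
        if nxt is None:
            alerts.append(f"{ts} {session}: '{event}' not allowed in state '{current}'")
            continue
        state[session] = nxt
    return alerts


def check(text: str) -> List[str]:
    """Parse a raw event log and return the list of property violations."""
    return monitor(parse_events(text))


if __name__ == "__main__":
    for alert in check(SAMPLE_EVENTS):
        print("ALERT", alert)
```

Designing the monitor in means deciding at development time which events the system must emit and which properties they are checked against; a monitor bolted on later can only observe whatever the deployed system happens to log.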
Privacy
Cybersecurity must include privacy too
Foolish users on social networks not only compromise their own private data, but the private data of their friends too
Need to design-in warnings, etc. that let users know when they are jeopardizing their privacy
Need to help users understand the implications of their actions
Human in the Loop
How is a formally verified system going to avoid “social engineering”?
How does one specify/verify skinware?
How do we design-in the capability to keep users from doing foolish things to themselves and others?
Questions?