SlideShare a Scribd company logo

What Happened to Mathematically Provable Security?

Frances Coronel
Frances Coronel

Published January 28, 2016, in Technology Research presentation for CSC 405. CSC 405 Software Design & Development II Hampton University Spring 2016 --- FVCproductions https://fvcproductions.com

Technology
1 of 37
Download to read offline
Research Presentation Jordan Quick Calvin Chambers Frances Coronel Anesha Passalacqua By
What Happened to Mathematically Provable?
Mathematical Proofs
Mathematical Proofs ● A mathematical proof is an argument which convinces other people that something is true. ● They improve but do not guarantee security, safety, and friendliness. ● In 1979, Michael Rabin proved that his encryption system could be inverted as long as he uses the factor “n” when computing his algorithm. He uses “n” because it would be relatively hard for someone to compute a large value of “n” based off the given algorithm.
Mathematical Proofs Cont. ● Mathematical Proofs can sometimes be wrong. ● In 2007, Boldyreva created the Order Multi-Signatures (OMS) which was claimed more efficient and more secure than other systems with similar functionality. This was proved wrong by Hwang in 2009.
Provable Security
Provable Security is false? ● Instead of creating a secure computer system, they instead created a secure algorithm that has a possibility of being breached when the algorithm is figured out. ● The system’s former security requirements might fall victim to attacks by not capturing everything an attacker can do to break the system. This also does not show what information is available to the hacker. ● Mathematical proofs can sometimes be wrong
Types of Provable Security ● Unconditional Security ○ Characterized by resisting all attackers ○ Key pre-distribution schemes in large ● Computational Security ○ Characterized by resisting attacks made by PPT algorithms or circuits ○ Typically uses complexity theoretic techniques to prove security ○ Non-uniform algorithms are considered to be given a different “hint” for each value of the security parameter. ● Formal Methods ○ Characterized by Style of Proof Rather Than Class of Attackers ○ Verification of Protocol Security ○ Verification of Algorithmic Correctness
Provable Security and Proofs ● Proving the security of a computer is “hard” ● Proofs often come in 3 parts ○ A description of the simulator ○ A justification of why the simulators provides inputs which look like those in the security model ○ A justification of why the simulator solves the problem whenever the attacker breaks the cryptosystem
Multics
Multics ● Multiplexed Information and Computing Service is a timesharing operating system that started in 1965 and was used until 2000. ● Created by MIT’s Project MAC. ● Honeywell offered Multics as a commercial product and sold dozens of systems.
Multics Contains... ● A supervisor program that managed everything ● An innovative segmented memory addressing system ● A tree structured file system ● Device support ● Hundreds of program commands, languages and tools ● Hundreds of library routines ● Operational and Support Tools ● User and system documentation
Why haven’t we heard of Multics in this current generation?
Multics and Money? ● Despite its shutdown in 2000, Multics has leaded pathway for computing systems’ security. There was no need for a Multics computer since methods used in Multics were now developed in Windows and Macintosh computers. There are still emulators today running Multic Systems. ● Mathematically provable secure systems are more difficult to be proved than thought possible and it shows that not having a completely secure system would prove very resourceful when it comes to money. Industry wishes to make profit wherever seems profitable and having a mathematically provable secure system will take away from that profit. ● I personally don’t believe that there isn’t such a thing as a mathematically provable secure system when it comes to computer systems but I do believe that people would rather make profit off of security than have a secure system.
So what happened?
Kernelized Secure Operating System (KSOS)
What is KSOS ? ● Kernelized Secure Operating System (KSOS, formerly called Secure UNIX). KSOS is intended to provide a provably secure operating system for larger minicomputers ● KSOS will provide a system call interface closely compatible with the UNIX operating system ● KSOS is composed of three components: ○ The Security Kernel ■ Provides a simple operating system which can be shown to be secure ○ The UNIX Emulator ○ The Non-Kernel System Software
Goals of KSOS ● The goal of the system is to provide strong assurances that it is impossible for an unprivileged user to cause an information compromise. ● The overall design goals for KSOS are: ○ The system must provide provable security, i.e. its design and mechanization must be oriented towards the proof of its security properties. ○ The copying of the UNIX system call interface must be as faithful as possible given the constraints of the security model. ○ The performance of the system should be "good," specifically, the performance should be comparable to that of a UNIX system. ○ The Kernel should be usable by itself as a simple, secure operating system. ○ The design should be amenable to implementation on other hardware bases.
What happened to KSOS? ● Designed to be a replacement for UNIX version 6 with: ○ A security kernel ○ Non-kernel security-related utility programs ○ UNIX Application development and support environments (optional) ● First full use of HDM (Hierarchical Development Methodology)
Provably Secure Operating System (PSOS)
What is PSOS ? ● PSOS was designed as a useful general-purpose operating system with demonstrable security properties ● PSOS was designed using a combo of disciplined engineering processes in order to provide a sound basis for claiming that the resulting system could meet its security requirements ● The PSOS design was strongly motivated by the formal approach: ○ The Hierarchical Development Methodology (HDM) ● In PSOS, capabilities are the means by which all system objects are referenced and accessed ● Each object in PSOS can be accessed only upon presentation of an appropriate capability to a module responsible for that object
What happened to PSOS? ● Provides a uniform means of accessing and protecting objects ○ Simplifies the proof process, unifies the design and has a great impact ● Led to the usage of extended-type objects using the hierarchical design ○ Providing layers of abstraction and protection ● Reduces the proof of larger programs to many smaller programs which simplifies the input and output of each program
Secure Communications Processor(SCOMP)
What is SCOMP ? ● The idea for the Scomp system originated in a joint Honeywell-Air Force program called Project Guardian, which was an attempt to further enhance the security of Honeywell's Multics system. ● The Honeywell Secure Communications Processor (SCOMP) was an early guard platform
Goals of SCOMP ● The SCOMP was designed to be simple, secure and efficient ● The Scomp system is a unique implementation of a hardware/software general-purpose operating system based on the security kernel concept. ● Scomp hardware supports a Multics-like, hardware-enforced ring mechanism, virtual memory, virtual I/O processing, page-fault recovery support, and performance mechanisms to aid in the implementation of an efficient operating system
What happened to SCOMP? ● An enhanced version of the Honeywell Level 6 minicomputer ● First system to be ranked as a Class A1 in the Trusted Computer System Evaluation Criteria (TCSEC) ○ Class A1- verified design under Division A- Verified protection
Why didn’t any of this research lead to a successful project?
It’s theoretical. Mathematical proofs don’t actually prove security. In fact, no system can be “provably secure” in the strongest sense, since we can’t be 100% certain that the system’s formal security requirements have been specified properly, and we can’t be 100% certain the security proof itself is without error.
The same applies to the field of friendly AI.
Minority Report doesn’t exist. Future vulnerabilities that the creator of the proof/OS are unaware of may not even exist. The operating system’s formal security requirements might fail to capture everything the attacker can do to break the system, and what information is available to the attacker. 1. Accidental Discovery 2. Deliberate Research
Too Many Layers & Iterations The most secure OS is the one installed on a computer that has never been nor never will be connected to the internet and is in a secure locked room which is also a Faraday cage. It must comply with NATO SDIP-27 Level A standards.
Conclusion?
Mathematıcal Proofs Improve But Don’t Guarantee Securıty, Safety, and Frıendlıness
"The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one." —Dennis Hughes, FBI
Thanks!
Credits 1. http://csrc.nist.gov/publications/history/neum75.pdf 2. https://intelligence.org/2013/10/03/proofs/ 3. https://www.computer.org/csdl/proceedings/afips/1979/5087/00/50870345. pdf 4. https://www.quora.com/What-is-the-most-secure-computer-system-in-the- world 5. https://www.quora.com/What-is-the-most-secure-computer-operating-system 6. https://www.quora.com/Software-Quality-Assurance/How-do-people-find- loopholes-in-the-security-of-a-server-operating-system-networks-etc 7. https://www.wikiwand.com/en/Tempest_(codename)
Credits 1. https://intelligence.org/2013/10/03/proofs/ 2. https://math.berkeley.edu/~hutching/teach/proofs.pdf 3. http://www.cs.bris.ac. uk/Research/CryptographySecurity/SummerSchool2009/slides/Alex.pdf 4. http://www.multicians.org/history.html 5. http://tools.ietf.org/html/rfc4949#page-167 6. http://csrc.nist.gov/publications/history/ford78.pdf 7. http://csrc.nist.gov/publications/history/neum75.pdf

Recommended

Process behaviour modelling using lsm
Process behaviour modelling using lsmProcess behaviour modelling using lsm
Process behaviour modelling using lsmiaemedu
 
130418 makan pourzandi - esf -- an elastic security framework for cloud inf...
130418 makan pourzandi - esf -- an elastic security framework for cloud inf...130418 makan pourzandi - esf -- an elastic security framework for cloud inf...
130418 makan pourzandi - esf -- an elastic security framework for cloud inf...Ptidej Team
 
Your First Guide to "secure Linux"
Your First Guide to "secure Linux"Your First Guide to "secure Linux"
Your First Guide to "secure Linux"Toshiharu Harada, Ph.D
 
Security, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewKaiwan Billimoria
 
Flask: Flux Advanced Security Kernel
Flask: Flux Advanced Security KernelFlask: Flux Advanced Security Kernel
Flask: Flux Advanced Security KernelLuis Espinal
 
Secure Trustworthy Enterprise
Secure Trustworthy EnterpriseSecure Trustworthy Enterprise
Secure Trustworthy EnterpriseDMIMarketing
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Byres Security Inc.
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 

Recommended

Process behaviour modelling using lsm
Process behaviour modelling using lsmProcess behaviour modelling using lsm
Process behaviour modelling using lsmiaemedu
 
130418 makan pourzandi - esf -- an elastic security framework for cloud inf...
130418 makan pourzandi - esf -- an elastic security framework for cloud inf...130418 makan pourzandi - esf -- an elastic security framework for cloud inf...
130418 makan pourzandi - esf -- an elastic security framework for cloud inf...Ptidej Team
 
Your First Guide to "secure Linux"
Your First Guide to "secure Linux"Your First Guide to "secure Linux"
Your First Guide to "secure Linux"Toshiharu Harada, Ph.D
 
Security, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewKaiwan Billimoria
 
Flask: Flux Advanced Security Kernel
Flask: Flux Advanced Security KernelFlask: Flux Advanced Security Kernel
Flask: Flux Advanced Security KernelLuis Espinal
 
Secure Trustworthy Enterprise
Secure Trustworthy EnterpriseSecure Trustworthy Enterprise
Secure Trustworthy EnterpriseDMIMarketing
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Byres Security Inc.
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An IntroductionMarcel Winandy
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of SystemsJamal Jamali
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
security onion
security onionsecurity onion
security onionBoni Yeamin
 
Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hWilheminaRossi174
 
C days2015
C days2015C days2015
C days2015Nuno Loureiro
 
Data security in practice
Data security in practiceData security in practice
Data security in practiceAndres Kütt
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Processphanleson
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdfanilagarwal007
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
An Overview Of The Singularity Project
An Overview Of The Singularity ProjectAn Overview Of The Singularity Project
An Overview Of The Singularity Projectalanocu
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security applicationRihab Chebbah
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeYusuf Hadiwinata Sutandar
 
Secure software chapman
Secure software chapmanSecure software chapman
Secure software chapmanAdaCore
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...John Kinsella
 
Building Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesBuilding Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesJavier González
 
Automating security compliance for physical, virtual, cloud, and container en...
Automating security compliance for physical, virtual, cloud, and container en...Automating security compliance for physical, virtual, cloud, and container en...
Automating security compliance for physical, virtual, cloud, and container en...Lucy Huh Kerner
 
chap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systemschap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information SystemsKashfUlHuda1
 
Conexión y Cultura con Asana
Conexión y Cultura con AsanaConexión y Cultura con Asana
Conexión y Cultura con AsanaFrances Coronel
 
Stories from Latinas in Engineering with KeepTruckin
Stories from Latinas in Engineering with KeepTruckinStories from Latinas in Engineering with KeepTruckin
Stories from Latinas in Engineering with KeepTruckinFrances Coronel
 

More Related Content

Similar to What Happened to Mathematically Provable Security?

Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An IntroductionMarcel Winandy
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of SystemsJamal Jamali
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hWilheminaRossi174
 
Data security in practice
Data security in practiceData security in practice
Data security in practiceAndres Kütt
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Processphanleson
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdfanilagarwal007
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
An Overview Of The Singularity Project
An Overview Of The Singularity ProjectAn Overview Of The Singularity Project
An Overview Of The Singularity Projectalanocu
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security applicationRihab Chebbah
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeYusuf Hadiwinata Sutandar
 
Secure software chapman
Secure software chapmanSecure software chapman
Secure software chapmanAdaCore
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...John Kinsella
 
Building Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesBuilding Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesJavier González
 
Automating security compliance for physical, virtual, cloud, and container en...
Automating security compliance for physical, virtual, cloud, and container en...Automating security compliance for physical, virtual, cloud, and container en...
Automating security compliance for physical, virtual, cloud, and container en...Lucy Huh Kerner
 
chap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systemschap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information SystemsKashfUlHuda1
 

Similar to What Happened to Mathematically Provable Security? (20)

Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An Introduction
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of Systems
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
 
security onion
security onionsecurity onion
security onion
 
Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t h
 
C days2015
C days2015C days2015
C days2015
 
Data security in practice
Data security in practiceData security in practice
Data security in practice
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
An Overview Of The Singularity Project
An Overview Of The Singularity ProjectAn Overview Of The Singularity Project
An Overview Of The Singularity Project
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security application
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
 
Secure software chapman
Secure software chapmanSecure software chapman
Secure software chapman
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
 
Building Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesBuilding Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal Devices
 
Automating security compliance for physical, virtual, cloud, and container en...
Automating security compliance for physical, virtual, cloud, and container en...Automating security compliance for physical, virtual, cloud, and container en...
Automating security compliance for physical, virtual, cloud, and container en...
 
chap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systemschap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systems
 

More from Frances Coronel

Conexión y Cultura con Asana
Conexión y Cultura con AsanaConexión y Cultura con Asana
Conexión y Cultura con AsanaFrances Coronel
 
Stories from Latinas in Engineering with KeepTruckin
Stories from Latinas in Engineering with KeepTruckinStories from Latinas in Engineering with KeepTruckin
Stories from Latinas in Engineering with KeepTruckinFrances Coronel
 
Uncharted Territories: On Being the First in Tech
Uncharted Territories: On Being the First in TechUncharted Territories: On Being the First in Tech
Uncharted Territories: On Being the First in TechFrances Coronel
 
Pride Month Event with Blend: Intersecting Identities in Tech
Pride Month Event with Blend: Intersecting Identities in TechPride Month Event with Blend: Intersecting Identities in Tech
Pride Month Event with Blend: Intersecting Identities in TechFrances Coronel
 
My State of Work | MS&E 184 - Spring 2020
My State of Work | MS&E 184 - Spring 2020My State of Work | MS&E 184 - Spring 2020
My State of Work | MS&E 184 - Spring 2020Frances Coronel
 
Engineering Mentorship with Asana
Engineering Mentorship with AsanaEngineering Mentorship with Asana
Engineering Mentorship with AsanaFrances Coronel
 
Pluralsight LIVE 2019 | Progressive Web Apps 101
Pluralsight LIVE 2019 | Progressive Web Apps 101Pluralsight LIVE 2019 | Progressive Web Apps 101
Pluralsight LIVE 2019 | Progressive Web Apps 101Frances Coronel
 
Welcome to Slack, Mindot!
Welcome to Slack, Mindot!Welcome to Slack, Mindot!
Welcome to Slack, Mindot!Frances Coronel
 
RevolutionConf 2019 - Progressive Web Apps 101
RevolutionConf 2019 - Progressive Web Apps 101RevolutionConf 2019 - Progressive Web Apps 101
RevolutionConf 2019 - Progressive Web Apps 101Frances Coronel
 
JSConf EU 2019 - Being a Unicorn Working for Another Unicorn
JSConf EU 2019 - Being a Unicorn Working for Another UnicornJSConf EU 2019 - Being a Unicorn Working for Another Unicorn
JSConf EU 2019 - Being a Unicorn Working for Another UnicornFrances Coronel
 
Welcome to Slack, Diablo Valley College!
Welcome to Slack, Diablo Valley College!Welcome to Slack, Diablo Valley College!
Welcome to Slack, Diablo Valley College!Frances Coronel
 
Welcome to Slack, Coro Fellows!
Welcome to Slack, Coro Fellows!Welcome to Slack, Coro Fellows!
Welcome to Slack, Coro Fellows!Frances Coronel
 
Telegraph Track - Progressive Web Apps 101
Telegraph Track - Progressive Web Apps 101Telegraph Track - Progressive Web Apps 101
Telegraph Track - Progressive Web Apps 101Frances Coronel
 
Side Hustle: Techqueria.org
Side Hustle: Techqueria.orgSide Hustle: Techqueria.org
Side Hustle: Techqueria.orgFrances Coronel
 
General Assembly - So You Want To Be A Wizard
General Assembly - So You Want To Be A WizardGeneral Assembly - So You Want To Be A Wizard
General Assembly - So You Want To Be A WizardFrances Coronel
 
GDG DevFest 2018 - Progressive Web Apps 101
GDG DevFest 2018 - Progressive Web Apps 101GDG DevFest 2018 - Progressive Web Apps 101
GDG DevFest 2018 - Progressive Web Apps 101Frances Coronel
 
Scenic City Summit 2018 - Progressive Web Apps 101
Scenic City Summit 2018 - Progressive Web Apps 101Scenic City Summit 2018 - Progressive Web Apps 101
Scenic City Summit 2018 - Progressive Web Apps 101Frances Coronel
 
Scenic City Summit 2018 - TypeScript 101
Scenic City Summit 2018 - TypeScript 101Scenic City Summit 2018 - TypeScript 101
Scenic City Summit 2018 - TypeScript 101Frances Coronel
 
GDG SF Meetup - Progressive Web Apps 101
GDG SF Meetup - Progressive Web Apps 101GDG SF Meetup - Progressive Web Apps 101
GDG SF Meetup - Progressive Web Apps 101Frances Coronel
 

More from Frances Coronel (20)

Conexión y Cultura con Asana
Conexión y Cultura con AsanaConexión y Cultura con Asana
Conexión y Cultura con Asana
 
Stories from Latinas in Engineering with KeepTruckin
Stories from Latinas in Engineering with KeepTruckinStories from Latinas in Engineering with KeepTruckin
Stories from Latinas in Engineering with KeepTruckin
 
Uncharted Territories: On Being the First in Tech
Uncharted Territories: On Being the First in TechUncharted Territories: On Being the First in Tech
Uncharted Territories: On Being the First in Tech
 
Pride Month Event with Blend: Intersecting Identities in Tech
Pride Month Event with Blend: Intersecting Identities in TechPride Month Event with Blend: Intersecting Identities in Tech
Pride Month Event with Blend: Intersecting Identities in Tech
 
My State of Work | MS&E 184 - Spring 2020
My State of Work | MS&E 184 - Spring 2020My State of Work | MS&E 184 - Spring 2020
My State of Work | MS&E 184 - Spring 2020
 
Engineering Mentorship with Asana
Engineering Mentorship with AsanaEngineering Mentorship with Asana
Engineering Mentorship with Asana
 
Pluralsight LIVE 2019 | Progressive Web Apps 101
Pluralsight LIVE 2019 | Progressive Web Apps 101Pluralsight LIVE 2019 | Progressive Web Apps 101
Pluralsight LIVE 2019 | Progressive Web Apps 101
 
Welcome to Slack, Mindot!
Welcome to Slack, Mindot!Welcome to Slack, Mindot!
Welcome to Slack, Mindot!
 
RevolutionConf 2019 - Progressive Web Apps 101
RevolutionConf 2019 - Progressive Web Apps 101RevolutionConf 2019 - Progressive Web Apps 101
RevolutionConf 2019 - Progressive Web Apps 101
 
JSConf EU 2019 - Being a Unicorn Working for Another Unicorn
JSConf EU 2019 - Being a Unicorn Working for Another UnicornJSConf EU 2019 - Being a Unicorn Working for Another Unicorn
JSConf EU 2019 - Being a Unicorn Working for Another Unicorn
 
Welcome to Slack, Diablo Valley College!
Welcome to Slack, Diablo Valley College!Welcome to Slack, Diablo Valley College!
Welcome to Slack, Diablo Valley College!
 
Welcome to Slack, Coro Fellows!
Welcome to Slack, Coro Fellows!Welcome to Slack, Coro Fellows!
Welcome to Slack, Coro Fellows!
 
Telegraph Track - Progressive Web Apps 101
Telegraph Track - Progressive Web Apps 101Telegraph Track - Progressive Web Apps 101
Telegraph Track - Progressive Web Apps 101
 
JSConf Hawaiʻi 2019
JSConf Hawaiʻi 2019JSConf Hawaiʻi 2019
JSConf Hawaiʻi 2019
 
Side Hustle: Techqueria.org
Side Hustle: Techqueria.orgSide Hustle: Techqueria.org
Side Hustle: Techqueria.org
 
General Assembly - So You Want To Be A Wizard
General Assembly - So You Want To Be A WizardGeneral Assembly - So You Want To Be A Wizard
General Assembly - So You Want To Be A Wizard
 
GDG DevFest 2018 - Progressive Web Apps 101
GDG DevFest 2018 - Progressive Web Apps 101GDG DevFest 2018 - Progressive Web Apps 101
GDG DevFest 2018 - Progressive Web Apps 101
 
Scenic City Summit 2018 - Progressive Web Apps 101
Scenic City Summit 2018 - Progressive Web Apps 101Scenic City Summit 2018 - Progressive Web Apps 101
Scenic City Summit 2018 - Progressive Web Apps 101
 
Scenic City Summit 2018 - TypeScript 101
Scenic City Summit 2018 - TypeScript 101Scenic City Summit 2018 - TypeScript 101
Scenic City Summit 2018 - TypeScript 101
 
GDG SF Meetup - Progressive Web Apps 101
GDG SF Meetup - Progressive Web Apps 101GDG SF Meetup - Progressive Web Apps 101
GDG SF Meetup - Progressive Web Apps 101
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

What Happened to Mathematically Provable Security?

  • 1. Research Presentation Jordan Quick Calvin Chambers Frances Coronel Anesha Passalacqua By
  • 4. Mathematical Proofs ● A mathematical proof is an argument which convinces other people that something is true. ● They improve but do not guarantee security, safety, and friendliness. ● In 1979, Michael Rabin proved that his encryption system could be inverted as long as he uses the factor “n” when computing his algorithm. He uses “n” because it would be relatively hard for someone to compute a large value of “n” based off the given algorithm.
  • 5. Mathematical Proofs Cont. ● Mathematical Proofs can sometimes be wrong. ● In 2007, Boldyreva created the Order Multi-Signatures (OMS) which was claimed more efficient and more secure than other systems with similar functionality. This was proved wrong by Hwang in 2009.
  • 7. Provable Security is false? ● Instead of creating a secure computer system, they instead created a secure algorithm that has a possibility of being breached when the algorithm is figured out. ● The system’s former security requirements might fall victim to attacks by not capturing everything an attacker can do to break the system. This also does not show what information is available to the hacker. ● Mathematical proofs can sometimes be wrong
  • 8. Types of Provable Security ● Unconditional Security ○ Characterized by resisting all attackers ○ Key pre-distribution schemes in large ● Computational Security ○ Characterized by resisting attacks made by PPT algorithms or circuits ○ Typically uses complexity theoretic techniques to prove security ○ Non-uniform algorithms are considered to be given a different “hint” for each value of the security parameter. ● Formal Methods ○ Characterized by Style of Proof Rather Than Class of Attackers ○ Verification of Protocol Security ○ Verification of Algorithmic Correctness
  • 9. Provable Security and Proofs ● Proving the security of a computer is “hard” ● Proofs often come in 3 parts ○ A description of the simulator ○ A justification of why the simulators provides inputs which look like those in the security model ○ A justification of why the simulator solves the problem whenever the attacker breaks the cryptosystem
  • 11. Multics ● Multiplexed Information and Computing Service is a timesharing operating system that started in 1965 and was used until 2000. ● Created by MIT’s Project MAC. ● Honeywell offered Multics as a commercial product and sold dozens of systems.
  • 12. Multics Contains... ● A supervisor program that managed everything ● An innovative segmented memory addressing system ● A tree structured file system ● Device support ● Hundreds of program commands, languages and tools ● Hundreds of library routines ● Operational and Support Tools ● User and system documentation
  • 13. Why haven’t we heard of Multics in this current generation?
  • 14. Multics and Money? ● Despite its shutdown in 2000, Multics has leaded pathway for computing systems’ security. There was no need for a Multics computer since methods used in Multics were now developed in Windows and Macintosh computers. There are still emulators today running Multic Systems. ● Mathematically provable secure systems are more difficult to be proved than thought possible and it shows that not having a completely secure system would prove very resourceful when it comes to money. Industry wishes to make profit wherever seems profitable and having a mathematically provable secure system will take away from that profit. ● I personally don’t believe that there isn’t such a thing as a mathematically provable secure system when it comes to computer systems but I do believe that people would rather make profit off of security than have a secure system.
  • 17. What is KSOS ? ● Kernelized Secure Operating System (KSOS, formerly called Secure UNIX). KSOS is intended to provide a provably secure operating system for larger minicomputers ● KSOS will provide a system call interface closely compatible with the UNIX operating system ● KSOS is composed of three components: ○ The Security Kernel ■ Provides a simple operating system which can be shown to be secure ○ The UNIX Emulator ○ The Non-Kernel System Software
  • 18. Goals of KSOS ● The goal of the system is to provide strong assurances that it is impossible for an unprivileged user to cause an information compromise. ● The overall design goals for KSOS are: ○ The system must provide provable security, i.e. its design and mechanization must be oriented towards the proof of its security properties. ○ The copying of the UNIX system call interface must be as faithful as possible given the constraints of the security model. ○ The performance of the system should be "good," specifically, the performance should be comparable to that of a UNIX system. ○ The Kernel should be usable by itself as a simple, secure operating system. ○ The design should be amenable to implementation on other hardware bases.
  • 19. What happened to KSOS? ● Designed to be a replacement for UNIX version 6 with: ○ A security kernel ○ Non-kernel security-related utility programs ○ UNIX Application development and support environments (optional) ● First full use of HDM (Hierarchical Development Methodology)
  • 21. What is PSOS ? ● PSOS was designed as a useful general-purpose operating system with demonstrable security properties ● PSOS was designed using a combo of disciplined engineering processes in order to provide a sound basis for claiming that the resulting system could meet its security requirements ● The PSOS design was strongly motivated by the formal approach: ○ The Hierarchical Development Methodology (HDM) ● In PSOS, capabilities are the means by which all system objects are referenced and accessed ● Each object in PSOS can be accessed only upon presentation of an appropriate capability to a module responsible for that object
  • 22. What happened to PSOS? ● Provides a uniform means of accessing and protecting objects ○ Simplifies the proof process, unifies the design and has a great impact ● Led to the usage of extended-type objects using the hierarchical design ○ Providing layers of abstraction and protection ● Reduces the proof of larger programs to many smaller programs which simplifies the input and output of each program
  • 24. What is SCOMP ? ● The idea for the Scomp system originated in a joint Honeywell-Air Force program called Project Guardian, which was an attempt to further enhance the security of Honeywell's Multics system. ● The Honeywell Secure Communications Processor (SCOMP) was an early guard platform
  • 25. Goals of SCOMP ● The SCOMP was designed to be simple, secure and efficient ● The Scomp system is a unique implementation of a hardware/software general-purpose operating system based on the security kernel concept. ● Scomp hardware supports a Multics-like, hardware-enforced ring mechanism, virtual memory, virtual I/O processing, page-fault recovery support, and performance mechanisms to aid in the implementation of an efficient operating system
  • 26. What happened to SCOMP? ● An enhanced version of the Honeywell Level 6 minicomputer ● First system to be ranked as a Class A1 in the Trusted Computer System Evaluation Criteria (TCSEC) ○ Class A1- verified design under Division A- Verified protection
  • 27. Why didn’t any of this research lead to a successful project?
  • 28. It’s theoretical. Mathematical proofs don’t actually prove security. In fact, no system can be “provably secure” in the strongest sense, since we can’t be 100% certain that the system’s formal security requirements have been specified properly, and we can’t be 100% certain the security proof itself is without error.
  • 29. The same applies to the field of friendly AI.
  • 30. Minority Report doesn’t exist. Future vulnerabilities that the creator of the proof/OS are unaware of may not even exist. The operating system’s formal security requirements might fail to capture everything the attacker can do to break the system, and what information is available to the attacker. 1. Accidental Discovery 2. Deliberate Research
  • 31. Too Many Layers & Iterations The most secure OS is the one installed on a computer that has never been nor never will be connected to the internet and is in a secure locked room which is also a Faraday cage. It must comply with NATO SDIP-27 Level A standards.
  • 33. Mathematıcal Proofs Improve But Don’t Guarantee Securıty, Safety, and Frıendlıness
  • 34. "The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one." —Dennis Hughes, FBI
  • 36. Credits 1. http://csrc.nist.gov/publications/history/neum75.pdf 2. https://intelligence.org/2013/10/03/proofs/ 3. https://www.computer.org/csdl/proceedings/afips/1979/5087/00/50870345. pdf 4. https://www.quora.com/What-is-the-most-secure-computer-system-in-the- world 5. https://www.quora.com/What-is-the-most-secure-computer-operating-system 6. https://www.quora.com/Software-Quality-Assurance/How-do-people-find- loopholes-in-the-security-of-a-server-operating-system-networks-etc 7. https://www.wikiwand.com/en/Tempest_(codename)
  • 37. Credits 1. https://intelligence.org/2013/10/03/proofs/ 2. https://math.berkeley.edu/~hutching/teach/proofs.pdf 3. http://www.cs.bris.ac. uk/Research/CryptographySecurity/SummerSchool2009/slides/Alex.pdf 4. http://www.multicians.org/history.html 5. http://tools.ietf.org/html/rfc4949#page-167 6. http://csrc.nist.gov/publications/history/ford78.pdf 7. http://csrc.nist.gov/publications/history/neum75.pdf