2. OSS & Security
● Outline:
– Principles, Motives, & Opportunity
– Trends and attitudes
– Cases and examples (the small matter of Mr. Snowden)
– The way forward
4. Design Principles
• Well-known set of principles
– Saltzer, J.H.; Schroeder, M.D., "The protection of information in computer systems," Proceedings of the IEEE, vol. 63, no. 9, pp. 1278-1308, Sept. 1975
– Smith, R.E., "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles," IEEE Security & Privacy, vol. 10, no. 6, pp. 20-25, Nov.-Dec. 2012
– See also: http://www.cryptosmith.com/book/export/html/365
5. Saltzer & Schroeder
1. Economy of mechanism
2. Fail-safe defaults
3. Complete mediation
4. Open design
5. Separation of privilege
6. Least privilege
7. Least common mechanism
8. Psychological acceptability
6. Saltzer & Schroeder
1. Economy of mechanism
2. Fail-safe defaults
3. Complete mediation
4. Open design
   – Kerckhoffs (19th century)
   – Shannon: “The enemy knows the system”
5. Separation of privilege
6. Least privilege
7. Least common mechanism
8. Psychological acceptability
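To make the list concrete, here is an added Python example (not from the slides or from Saltzer & Schroeder's paper) of a tiny reference monitor that exhibits several of the principles at once: a small closed set of rights (economy of mechanism), deny-unless-granted decisions (fail-safe defaults), a single `check()` path with no cached answers so that revocation is immediate (complete mediation), narrowly scoped capabilities (least privilege), and a two-approver rule for deletion (separation of privilege). The class names, the policy table and the sample principals and object are all constructed for this illustration.

```python
"""Added illustration of Saltzer & Schroeder principles; all names are hypothetical."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Economy of mechanism: the whole rights vocabulary is three words.
RIGHTS: FrozenSet[str] = frozenset({"read", "write", "delete"})


@dataclass(frozen=True)
class Capability:
    """A scoped grant: one principal, one object, only the rights it needs (least privilege)."""
    principal: str
    obj: str
    rights: FrozenSet[str]


class ReferenceMonitor:
    """Every access decision passes through check(); nothing is cached (complete mediation)."""

    def __init__(self) -> None:
        self._grants: Dict[Tuple[str, str], FrozenSet[str]] = {}
        self.audit: List[str] = []  # one line per decision, useful for detection

    def grant(self, cap: Capability) -> None:
        unknown = cap.rights - RIGHTS
        if unknown:  # refuse to grant a right the policy language does not know
            raise ValueError(f"unknown rights {sorted(unknown)}")
        key = (cap.principal, cap.obj)
        self._grants[key] = self._grants.get(key, frozenset()) | cap.rights

    def revoke(self, principal: str, obj: str) -> None:
        self._grants.pop((principal, obj), None)

    def check(self, principal: str, obj: str, right: str) -> bool:
        # Fail-safe default: an unknown principal, object or right yields "deny".
        allowed = right in self._grants.get((principal, obj), frozenset())
        self.audit.append(f"{'ALLOW' if allowed else 'DENY '} {principal} {right} {obj}")
        return allowed

    def delete(self, obj: str, approvers: Tuple[str, ...]) -> bool:
        # Separation of privilege: a destructive action needs two distinct approvers,
        # and each one is mediated individually (no short-circuit, so every decision is audited).
        distinct = sorted(set(approvers))
        if len(distinct) < 2:
            self.audit.append(f"DENY  delete {obj}: need two distinct approvers")
            return False
        decisions = [self.check(p, obj, "delete") for p in distinct]
        return all(decisions)


def demo() -> Dict[str, object]:
    """Constructed scenario: three principals and one object."""
    rm = ReferenceMonitor()
    rm.grant(Capability("alice", "report.txt", frozenset({"read"})))
    rm.grant(Capability("bob", "report.txt", frozenset({"read", "delete"})))
    rm.grant(Capability("carol", "report.txt", frozenset({"delete"})))
    results: Dict[str, object] = {
        "alice_read": rm.check("alice", "report.txt", "read"),
        "alice_write": rm.check("alice", "report.txt", "write"),      # never granted
        "mallory_read": rm.check("mallory", "report.txt", "read"),    # unknown principal
        "delete_single": rm.delete("report.txt", ("bob", "bob")),     # same approver twice
        "delete_two": rm.delete("report.txt", ("bob", "carol")),      # two distinct approvers
    }
    rm.revoke("carol", "report.txt")
    # Because nothing is cached, the revocation takes effect on the very next request.
    results["delete_after_revoke"] = rm.delete("report.txt", ("bob", "carol"))
    results["audit_len"] = len(rm.audit)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note what the design deliberately leaves out: there is no "allow" fallback for principals the table has never seen, and no per-caller cache of earlier decisions, which is exactly the shortcut that turns a complete-mediation design into a time-of-check/time-of-use problem once revocation is involved.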
8. Motive
“While security for the user might mean the repulse of ‘evil hackers’ […] security for the vendor means growing the market and crushing the competition.”
– Ross Anderson, "Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore", Open Source Software: Economics, Law and Policy, Toulouse, France, June 20-21, 2002.
11. Reflections on Trusting Trust
Ken Thompson, Communications of the ACM, Vol. 27, No. 8, August 1984
Opportunity
“The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.)”
http://www.cs.tufts.edu/comp/98/Ken_Thompson_84-Reflections_on_Trusting_Trust.pdf
12. What if we don’t manage trust & ignore scrutiny?
20. French Weapons in the Falklands
• France manufactured the Exocet […]
– France also provided a vast, virtually unprecedented amount of technical assistance, including information on how to combat the Exocet missile, which could well have been decisive in assuring a British victory.
http://en.wikipedia.org/wiki/Exocet
26. Physical vs. Digital world
• What Morpheus might have said
– “Do you believe that my being stronger or faster has anything to do with my muscles in this place?”
• Mediation, proxies, and trust
27. Stallman: How Much Surveillance Can Democracy Withstand?
“Robust protection for privacy must be technical”
wired.com/opinion/2013/10/a-necessary-evil-what-it-takes-for-democracy-to-survive-surveillance/
29. R&D agenda
• Trustworthy technology
– Build our own?
– Open source strategy
– Open scrutiny
– Certification program to ensure quality
● Noteworthy:
– People
– Ensure no harmful shortcuts are taken
30. Opportunity
CRA, November 2003, [unsolved] grand challenges:
● Economic
● Epidemic
● Engineering
● Human
http://archive.cra.org/Activities/grand.challenges/security/home.html
– The Economist, November 2015:
● “The cost of immaturity”
– Average time to breach detection: 205 days
– Estimated global cost of 90m cyber-attacks: $575 billion
● “cyber-security industry is booming”
– Market: $75 billion a year now [...] $170 billion by 2020
– 2016:
● cloud, mobile, social media, and more: “Cybersecurity is terrible, and will get worse”; IoT “will be a security disaster”
https://www.lightbluetouchpaper.org/2016/02/22/financial-cryptography-2016/
44. “Anything that happens, happens. Anything that, in happening, causes something else to happen, causes something else to happen. Anything that, in happening, causes itself to happen again, happens again. It doesn't necessarily do it in chronological order, though.”
-- Douglas N. Adams, “Mostly Harmless”