Title: Nebraska University Consortium on Information Assurance
1. Nebraska University Consortium on Information Assurance
- An Overview of Hard Research Problems in Computer Security
- Prepared for eit2005
- 23 May 2005
- Blaine W. Burnham, PhD
- Executive Director, Nebraska University Consortium for Information Assurance (NUCIA)
- College of IST
- Peter Kiewit Institute
- University of Nebraska, Omaha
2. Hard Research Problems in Computer Security
- Outline
- Them's Fighting Words
- History
- Preamble
- Agendas
- Current Events
- Not so Current Events
- Really not-so-current Events
- Funding
- Hard Problems
- Reflections
- References
3. Hard Research Problems in Computer Security
- Them's Fighting Words
- "We have virtually no research base on which to build truly secure systems. When funds are scarce, researchers become very conservative, and bold challenges to the conventional wisdom are not likely to pass peer review. As a result incrementalism has become the norm."
- Wm. A. Wulf, President, National Academy of Engineering
4. Hard Research Problems in Computer Security
- History
- The Ware Report
- The Anderson Report
- Research Program
- We will come back to this
- Saltzer-Schroeder 1975
- 100 References
- It's not like we have not ever done good research
5. Hard Research Problems in Computer Security
- Preamble
- Considerable research is being done. However, there is a problem
- The conference Story
- So we are faced with an interesting dilemma
- What is needed, interesting, important research
- What is relearning the forgotten past
- What is reinvention of the past
- We will see some of this as we move forward
- A question that always needs to be up front.
- Suppose you had it 100%: are you closer to building secure systems?
6. Hard Research Problems in Computer Security
- Research agendas / needs are all over the place
- 1998 NSF CIP workshop
- 1998 NSF/ONR Workshops: Computer Security, Dependability and Assurance, see www.isse.gmu.edu/csis/conf/fns98
- 1999 Infosec Research Council: INFOSEC Hard Problems List, www.infosec-research.org/docs_public/
- 1999 NRC (DARPA/NSA): Trust in Cyberspace, http://www.nap.edu/books/0309065585/html/index.html
- 2001 NITRD HCSS-CG report, http://www.hpcc.gov/pubs/hcssresearch.
- 2002 CERIAS/Accenture: Roadmap to Safer Wireless World
- 2002 PL 105-307 topic list
- 2002 NAS/CSTB: IT for Counterterrorism, www.nap.edu
- 2003 I3P Research Agenda
- 2003 NSTAC R&D Exchange
- 2003 NITRD LSN/NRT workshop on scalable cybersecurity
- 2003 CRA Conference on "Grand Research Challenges in Information Security Assurance"
7. Hard Research Problems in Computer Security
- Current Events
- CRA Grand Challenges 11/2003
- Eliminate epidemic-style attacks within 10 years
- Viruses and worms
- SPAM
- Denial of Service attacks (DOS)
- Develop tools and principles that allow construction of large-scale systems for important societal applications that are highly trustworthy despite being attractive targets.
- E-voting
- Within 10 years, quantitative information-systems risk management is at least as good as quantitative financial risk management.
- For the dynamic, pervasive computing environments of the future, give end users security they can understand and privacy they can control.
8. Hard Research Problems in Computer Security
- Current Events
- PITAC (2004)
- Cyber Security: A Crisis of Prioritization
- Focus on Ten Specified Areas
- Computer Authentication Methodologies
- Securing Fundamental Protocols
- Secure Software Engineering and Software Assurance
- Holistic System Security
- Monitoring and Detection
- Mitigation and Recovery Methodologies
- Cyber Forensics and Technology to Enable Prosecution of Criminals
- Modeling and Testbeds for New Technologies
- Metrics, Benchmarks, and Best Practices
- Societal and Governance Issues
- Each of these is expanded into specifics (More Next)
- Noted that the Nation's Cyber Security Research Community is too small to support the need
- Recommended a $90m plus-up to NSF
9. Hard Research Problems in Computer Security
- Current Events
- PITAC (2004)
- For example
- Cyber Forensics and Technology to Enable Prosecution of Criminals
- Identifying the origin of cyber attacks, including traceback of network traffic.
- Secure Software Engineering and Software Assurance
- Programming languages and systems that include fundamental security features
- The discussion of the Buffer Overflow
- Root vulnerability for 50-85% of attacks
- C (and its red-headed stepchild, C++) is inherently unsafe
- Securing Fundamental Protocols
- What is the science of protocols?
- Notice Anything??
10. Hard Research Problems in Computer Security
- Current Events
- High Confidence Software and Systems Research Needs (2001)
- Foundations
- Create the science necessary to repeatably construct high confidence systems as needed.
- Note: high confidence and secure may not be the same thing
- The composition problem
- Policy, Operation and Assurance
- The Decomposition Problem
- Tools and Techniques
- Manage Complexity
- Encapsulation and interface
- Error-reduced compiled code
- Do what I mean, not what I said
- On the other hand, why cannot compilers catch bounds checking errors?
- Building Blocks
- Better COTS
- Robust System Design
- Design checkers
- Help with correct design.
11. Hard Research Problems in Computer Security
- Not so Current Events
- Trust in Cyberspace (1999)
- Didn't list the problems
- Identification and Authentication in the large
- Foreign Code versus Trust
- The Problem of the Trojan Horse
- Hardware
- Minimum Essential Infrastructure
- What could be shed and what happens to the policy and the operational capability
- Fly-by-wire is an interesting case in point
- The Economic and Public Policy Perspective
- Why don't we have better stuff in the marketplace?
12. Hard Research Problems in Computer Security
- Not so Current Events
- Defense Science Board (1996)
- Research recommendations
- System architectures that degrade gracefully and are resilient to failures or attacks directed at single components
- Methods for modeling, monitoring, and managing large-scale distributed systems
- Tools and techniques for automated detection and analysis of localized or coordinated large-scale attacks
- Tools and methods for predicting anticipated performance of survivable distributed systems
13. Hard Research Problems in Computer Security
- Not so Current Events
- Computers at Risk (1991)
- The Research recommendations
- Generally accepted Security System Principles
- Create a repository of data about incidents
- Education in practice, ethics and engineering of secure systems.
- Establishment of a new institution to implement these recommendations.
- This last one turned out to be sort of a poison pill.
- Observes that university-based research in computer security was at a dangerously low level
14. Hard Research Problems in Computer Security
- Really not-so-current Events
- The Anderson Report (1972)
- Defines the Threat: The Malicious User running his code on my machine
- Defines the problem: Systems not designed to be secure
- States the Requirements
- An adequate systems access control mechanism
- An authorization mechanism
- Controlled Execution of a user's program
- Postulates a Solution
- The Reference Monitor
- Lays out a 6 year research agenda that includes
- Design, architect, implement, certify, test and move to procurement of the RM
- Handbook of Computer Security
- Write down what we know
- Develop Secure Peripherals
- Encrypted communications
- Crypto Concentrators
- Encrypted File System
- Security aware Applications (DBMS)
15. Hard Research Problems in Computer Security
- Funding
- An interesting perspective about the numbers
16. Hard Research Problems in Computer Security
- Funding
- The Reality: Simply put, the funding situation is grim / bleak / harsh
- Today's Rough Numbers
- NSF: $37m (04) for research grants
- DHS: $18m (04)
- DARPA: $5m (04)
- NIST: whole cyber security budget $10m
- Other: Hard to tell. Tends to be very focused on particular problem
17. Hard Research Problems in Computer Security
- So what are some of the hard problems?
- Secure Design: this is now mostly art. We need to have a science
- Compare to Civil Engineering
- Design to Implementation: How to be sure you get what you design
- What is the difference between an easter egg and a Trojan Horse?
- Policy based components with consistent, well understood interfaces
- We have a flood of security stuff of questionable worth and dubious pedigree: not helpful
- The Composition Problem
- Need to understand how to reason about the whole on the basis of the attributes of the parts
18. Hard Research Problems in Computer Security
- So what are some of the hard problems?
- Application Security
- Something of an oxymoron. Actually we need security aware applications, not quite the same as policy enforcing applications, but we need these as well.
- Metrics
- There is not much here at all. How do you determine whether what you are building is adequate? This is very tricky. We do not have a design base accident. In fact we do not have an accident context. Our context is that of the malicious threat that is studying and learning about me.
- Assurance
- The basis for the belief that the system will behave as expected.
- Need high assurance COTS technology
- Security of Foreign and Mobile Code
- Actually need this for all code and the hardware, not just foreign and mobile
19. Hard Research Problems in Computer Security
- Reflections
- "A series of hard-won scientific advances gives us the ability to field systems having verifiable protection, and an understanding of how to powerfully leverage verifiable protection to meet pressing system security needs. Yet, we as a community lack the discipline, tenacity and will to do the hard work to effectively deploy such systems. Instead, we pursue pseudoscience and flying pigs. In summary, the state of the science in computer and network security is strong, but it suffers unconscionable neglect."
- Roger Schell
- Information Security: Science, Pseudoscience, and Flying Pigs
20. Hard Research Problems in Computer Security
- References
- The Ware Report
- http://www.rand.org/publications/R/R609.1/R609.1.html
- The Anderson Report
- http://csrc.nist.gov/publications/history/ande72.pdf
- Saltzer-Schroeder 1975
- http://web.mit.edu/Saltzer/www/publications/protection/
- PITAC Report
- http://www.hpcc.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf
- Computers at Risk
- http://www.nap.edu/openbook/0309043883/html/
- Trust in Cyberspace
- http://www.nap.edu/readingroom/books/trust/
- Security Engineering
- http://www.cl.cam.ac.uk/users/rja14/
- Information Security: Science, Pseudoscience, and Flying Pigs
- http://www.acsac.org/invited-essay/essays/2001-schell.html
- Make your software behave: Learning the basics of buffer overflows
- http://www-106.ibm.com/developerworks/library/s-overflows/index.html