Foundations of Computer Security: Lecture 2: Why Security Is Hard

This document summarizes key points from a lecture on why security is hard. It provides several reasons why security is more difficult than other technological problems: 1) Security aims to prevent bad things from happening rather than ensure good things happen. 2) Attackers only need to find one vulnerability while defenders must eliminate all vulnerabilities. 3) Security has to consider actively malicious adversaries trying to defeat all protection efforts. Perfect security is impossible, so there is always a tradeoff between security and other system goals like functionality.

Foundations of Computer Security

Lecture 2: Why Security is Hard

Dr. Bill Young


Department of Computer Sciences
University of Texas at Austin

Lecture 2: 1 Why Security is Hard


Is Cyber Security Particularly Hard?

Question: Why would security be any more difficult than most
technological problems?

Answer 1: Most technology-related efforts are concerned with
ensuring that something good happens. Security is all about
ensuring that bad things never happen.

In security, not only do you have to find “bugs” that make the
system behave differently than expected, you have to identify any
features of the system that are susceptible to misuse and abuse,
even if your programs behave exactly as you expect them to.

What Bad Things?

Answer 2: If security is all about ensuring that bad things never
happen, that means we have to know what those bad things are.

The hardest thing about security is convincing yourself that you’ve
thought of all possible attack scenarios, before the attacker thinks
of them.

“A good attack is one that the engineers never thought of.”
–Bruce Schneier

Programming Satan’s Computer

Answer 3: Unlike most technology problems, you have to defeat
one or more actively malicious adversaries.

Ross Anderson characterizes this as “Programming Satan’s
Computer.” The environment in which your program is deployed
works with malice and intelligence to defeat your every effort.

The defender has to find and eliminate all exploitable
vulnerabilities; the attacker only needs to find one!

Easiest Penetration

Answer 4: Information management systems are a complex,
“target-rich” environment comprising: hardware, software, storage
media, peripheral devices, data, people.

Principle of Easiest Penetration: an intruder will use any
available means to subvert the security of a system.

“If one overlooks the basement windows while assessing the risks
to one’s house, it does not matter how many alarms are put on the
doors and upstairs windows.” –Melissa Danforth

Security Isn’t the Point

Answer 5: Security is often an afterthought. No-one builds a
digital system for the purpose of being secure. They build digital
systems to do something useful.

Security mechanisms may be viewed as a nuisance to be subverted,
bypassed, or disabled.

Upshot: Perfect Security Ain’t Happening

Perfect security is probably impossible in any useful system.

“The three golden rules to ensure computer security are: do not
own a computer; do not power it on; and do not use it.” –Robert
H. Morris, former Chief Scientist of the National Computer
Security Center (early 1980’s)

“Unfortunately the only way to really protect [your computer] right
now is to turn it off, disconnect it from the Internet, encase it in
cement and bury it 100 feet below the ground.” –Prof. Fred
Chang, former director of research at NSA (2009)

If Security Gets in the Way

Security is meant to prevent bad things from happening; one
side-effect is often to prevent useful things from happening.

Typically, a tradeoff is necessary between security and other
important project goals: functionality, usability, efficiency,
time-to-market, and simplicity.

Some Lessons

He who defends everything defends nothing. –old military adage

Security is difficult for several reasons.

Since you can never achieve perfect security, there is always a
tradeoff between security and other system goals.

Next lecture: Security as Risk Management
