Crispin Cowan, Ph.D. -
Security PM, Microsoft
Death, Taxes, and Imperfect Software: Surviving the Inevitable
Computers have advanced so much in the 75 years of computing history that one might wonder why we still cannot make a secure computer system. Sure it is hard, but lots of things are hard, and other computing problems fall to the onslaught of determined research. So why can't we make computers secure? This talk will examine the theoretical underpinnings of computer security, going all the way back to the original work by Alan Turing in 1932, to discover that reliably building secure software systems is actually provably impossible. We will also explore the socio-economic factors that make even building kind-of secure systems unlikely.
Thus we are stuck with the problem of defending a perpetually vulnerable software base. We then explore the field of intrusion prevention; the art of defending systems despite latent vulnerabilities. Intrusion prevention also has a theoretical history, this time going back to Boyd, a fighter jet pilot from the 1950s. We will explain how Boyd's theories of engagement apply to modern intrusion prevention, and use this perspective to survey the range of ways that vulnerable systems can be defended, bringing us back to the modern context as we go "Turing" around the security problem.
Operating systems such as OS X, Linux, Unix and Vista have made significant improvements, but vulnerability remains. This presentation will describe what it takes to increase host security to the point where the OS could become a medium surety building block for enterprise environments, and what to do in the current low surety interval.
Bio:
Crispin Cowan has been in the computer business for 25 years, and security for 10 years. He was the CTO and founder of Immunix, Inc., acquired by Novell in 2005. Dr. Cowan is now a security program manager in the Microsoft Core Operating System Division, working on security features for Windows. Dr. Cowan developed several host security technologies under DARPA funding, including prominent technologies like the StackGuard compiler defense against buffer overflows, and the LSM (Linux Security Modules) interface in Linux 2.6. Dr. Cowan also co-invented the "time-to-patch" method of assessing when it is safe to apply a security patch. Prior to founding Immunix, he was a professor with the Oregon Graduate Institute. He is the program co-chair for the 2007 and 2008 Network and Distributed System Security conferences. He holds a Ph.D. from the University of Western Ontario and a Masters of Mathematics from the University of Waterloo.
|