Turing Around The Security Problem presented at 15th USENIX Security Symposium 2006

by Crispin Cowan

Tags: Security

Summary: Computers have advanced so much in the 75 years of computing history that one might wonder why we still cannot make a secure computer system. Sure, it is hard, but lots of things are hard, and other computing problems fall before the onslaught of determined research. So why can't we make computers secure? This talk will examine the theoretical underpinnings of computer security, going all the way back to the original work by Alan Turing in 1932, to discover that reliably building secure software systems is actually provably impossible. We will also explore the socio-economic factors that make even building kind-of-secure systems unlikely.
Thus we are stuck with the problem of defending a perpetually vulnerable software base. We then explore the field of intrusion prevention: the art of defending systems despite latent vulnerabilities. Intrusion prevention also has a theoretical history, this time going back to Boyd, a fighter jet pilot from the 1950s. We will explain how Boyd's theories of engagement apply to modern intrusion prevention, and use this perspective to survey the range of ways that vulnerable systems can be defended, bringing us back to the modern context as we go "Turing" around the security problem.