Presentation is loading. Please wait.

Presentation is loading. Please wait.

Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.

Published byEmilee Donat Modified over 9 years ago

Similar presentations

Presentation on theme: "Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy."— Presentation transcript:

1 Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara kemm@cs.ucsb.edu Trustworthy Cyberspace May 25, 2011 Richard A. Kemmerer

2 UC Santa Barbara Four Major Challenges Application specific flaws –How do we write a specification for “there are no application level flaws”? Dynamic monitoring –How do we design-in an after-deployment environment? Privacy –How do we help users understand the privacy implications of their actions? Human in the loop –How do we design-in protection against user errors? 2

3 UC Santa Barbara Application-level flaws Need to go beyond simple input vulnerabilities –e.g., SQL injections, cross-site scripting –Software/web framework could check for these Need to understand more complex vulnerabilities that are specific to a particular application –E.g., applying a discount multiple times or getting an item for free from Amazon –How can these be designed-in? 3

4 UC Santa Barbara Dynamic Monitoring Cannot statically prove the absence of all bugs Need an environment where systems can be continuously monitored after deployment –This environment needs to maintain/guarantee properties that were assumed during the development process –How is this after-deployment monitor designed-in during development? 4

5 UC Santa Barbara Privacy Cybersecurity must include privacy too Foolish users on social networks not only compromise their own private data, but the private data of their friends too Need to design-in warnings, etc. that let users know when they are jeopardizing their privacy Need to help users understand the implications of their actions 5

6 UC Santa Barbara Human in the Loop How is a formally verified system going to avoid “social engineering”? How does one specify/verify skinware? How do we design-in the capability to keep users from doing foolish things to themselves and others? 6

7 UC Santa Barbara 7 Questions?

Download ppt "Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy."

Similar presentations

Building Secure Mashups D. K. Smetters PARC Usable.

Building Secure Mashups D. K. Smetters PARC Usable.
Runtime Prevention & Recovery Protect existing applications Advantages: Prevents vulnerabilities from doing harm Safe mode for Web application execution.

Runtime Prevention & Recovery Protect existing applications Advantages: Prevents vulnerabilities from doing harm Safe mode for Web application execution.
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Operating System Security

Operating System Security
Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
Parcel Look-up City of Santa Barbara Community Development Department.

Parcel Look-up City of Santa Barbara Community Development Department.
SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!

SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)

Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Privacy: Challenges and Opportunities Tadayoshi Kohno Department of Computer Science and Engineering University of Washington.

Privacy: Challenges and Opportunities Tadayoshi Kohno Department of Computer Science and Engineering University of Washington.
Software Security David Wagner University of California at Berkeley.

Software Security David Wagner University of California at Berkeley.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
CS 441: Charles Durran Kelly.  What are Wireless Sensor Networks?  WSN Challenges  What is a Smartphone Sensor Network?  Why use such a network? 

CS 441: Charles Durran Kelly.  What are Wireless Sensor Networks?  WSN Challenges  What is a Smartphone Sensor Network?  Why use such a network? 
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Similar presentations

Ads by Google