Dan Geer -- Keynote
Today I heard Dan Geer (http://en.wikipedia.org/wiki/Dan_Geer) speak at a conference.
I won't restate his talk as it should be released soon, but I found several of his comments interesting.
He observed that computer security is a renaissance field that draws on a great diversity of skills and backgrounds. He also observed it has a high rate of change, also like the Renaissance.
The first challenge of any research is to get the problem statement right. If you don't, you'll only develop a solution in search of a problem, and there are already too many security products like that. The other challenge is that the problem statement needs to remain stable.
The purpose of risk management is to improve our odds of future success, not explain the past.
Our adversaries are not random accidents and alpha particles, they are sentient.
In security, cost-benefit analysis must fail because you can't price security. But cost effectiveness is relevant.
And the comment that caught me off guard, especially given my embedded software experience (which I'll be the first to caution is both limited and dated), was that embedded systems should either have no remote management interface or should be able to refuse a command. And they should come with a termination date (not his term but mine), so they stop working at a pre-determined point in the future rather than keep on working until they fail.
He led up to his conclusion with other arguments, and I'm inclined to say he got this one right. Think of all the embedded systems that are designed around programmable logic. If they connect to the internet, or come with a port, they should be capable of an update because there will be faults or new features. But they should also be able to refuse these updates so any attack against them is harder. Of course the implementation of something like this is hard. And hard means both more expensive and longer development cycles -- so it's not likely to be done right. Better to just make them single use or time-limited. So any attack will have limited cost effectiveness because the device will brick itself soon.
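As an added illustration (not from the talk or this post), here is a small Python model of the update policy described above: the device accepts an update only if it is authenticated with a key provisioned at manufacture and is newer than what it runs, and it refuses every command once a fixed end-of-life time has passed. The key, versions and timestamps are constructed values.

```python
import hmac
import hashlib

# Constructed device provisioning: a per-device update key and a fixed
# end-of-life instant (2030-01-01 00:00 UTC as a Unix timestamp) after
# which the device refuses all remote commands, the "termination date".
DEVICE_KEY = b"constructed-provisioning-key-not-a-real-secret"
END_OF_LIFE = 1893456000


def sign_update(key: bytes, image: bytes, version: int) -> bytes:
    """Vendor-side step (constructed): bind version and image under the key."""
    return hmac.new(key, version.to_bytes(4, "big") + image, hashlib.sha256).digest()


class Device:
    def __init__(self, version: int, key: bytes = DEVICE_KEY, eol: int = END_OF_LIFE):
        self.version = version   # currently running firmware version
        self.key = key
        self.eol = eol
        self.log = []            # audit trail of accepted/refused commands

    def _refuse(self, reason: str) -> bool:
        self.log.append("refused: " + reason)
        return False

    def apply_update(self, image: bytes, version: int, tag: bytes, now: int) -> bool:
        # 1. Past the termination date the device accepts nothing at all, so a
        #    late compromise of the key or the update channel gains little.
        if now >= self.eol:
            return self._refuse("device past end of life")
        # 2. Only updates authenticated with the provisioned key are accepted;
        #    the comparison is constant-time so the check itself leaks nothing.
        expected = sign_update(self.key, image, version)
        if not hmac.compare_digest(expected, tag):
            return self._refuse("bad authentication tag")
        # 3. Refuse rollback or replay of an older (possibly vulnerable) image.
        if version <= self.version:
            return self._refuse(f"version {version} not newer than {self.version}")
        self.version = version
        self.log.append(f"applied version {version}")
        return True
```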