Current computer systems are built in layers. The hardware increasingly has features to support security. Then a hypervisor/VMM is wrapped around the hardware. A guest OS runs on top of the hypervisor. Complex libraries use the OS. And finally the application sits on top of this whole stack. The current approach to building secure systems … Continue reading Attack in depth
The dream of building provably correct software seems to be coming closer to reality. It is very cool to see all the recent work in the systems community on building provably correct system components. At the same time, I'm worried that the training of software developers actually involves less formal logic compared to a generation ago. … Continue reading The logic deficit
Bad people can make your computer do the wrong things and tell the bad people about stuff they are not supposed to know. People try to make computers that only do the right things. But it is hard to tell a computer what it should do because you have to think of all the mean … Continue reading What I do
Good Programmers are Master Architects: Good programmers understand that they are building a complex structure with layers stacked upon other layers. They think critically about their design, and they know they need a strong, reliable foundation to support their work. Since their systems have many interdependent parts, they design carefully to limit these dependencies so that failures and … Continue reading Why Good Programmers are Master Architects, Negotiators, Gardeners, and Detectives
Nice article about how deterrence cannot work for computer security at Slate. The real problem is that computing systems are generally vulnerable to attack. This is not an inevitable state of affairs, but currently no one knows how to build secure, usable systems in a cost-effective way. It is not merely an engineering problem; it … Continue reading Deterrence
An allegory for computer security. You have lived all your life in a quickly growing town, whose growth has been sped up by constructing all the buildings out of wood. Some buildings in town are huge structures that have been repeatedly expanded with new wings and towers; others are simple shacks that are put up … Continue reading The Wooden Firehouse
The theft of data from the Office of Personnel Management is a disaster with long-lasting consequences. It is hard to imagine what event—without causing broad, immediate physical damage—could give the government a stronger incentive to support work on improving computer security. I'm worried the opportunity will be missed anyway. Current computing systems are … Continue reading The OPM disaster and computer security
I hear periodically that computer security is hopeless because there is always a way for the adversary to get around whatever security mechanisms are in place. This view misunderstands the point of security mechanisms. It's true that there is no such thing as absolute security: an adversary with unbounded power and resources can defeat all … Continue reading Why security mechanisms matter
When I was a graduate student at MIT, at some point we discovered that all of our systems had been compromised. I happened to have earlier hacked up a network monitoring tool that was a very graphical version of tcpdump, enabling us to rapidly figure out that the attacker was coming in via a computer … Continue reading A Hippocratic Oath for computer security research?
Neil deGrasse Tyson received a lot of derision for calling for "unhackable systems" recently. I'm a bit perplexed by this response. On the positive side, it's clear that it is widely understood that current computer systems are very far from unhackable. On the negative, the common understanding (at least among those on Twitter) seems to … Continue reading Unhackable computers?