2003 uw-msr-cmu software security summer institute jim larusmicrosoft research jeannette...

Upload: natalie-bell

Post on 26-Mar-2015

2003 UW-MSR-CMU Software Security Summer Institute

Jim Larus, Microsoft Research
Jeannette Wing, Carnegie Mellon
John Zahorjan, Univ. Washington
Scott Dakins, Univ. Washington

http://research.microsoft.com/projects/SWSecInstitute/

Summer Institute, Jeannette M. Wing

History of Summer Institutes

• Jointly organized by Microsoft Research and University of Washington Computer Science Department
• Goal
  – To bring leading researchers to the beautiful Pacific Northwest in the summertime to collaborate on key topics in computer science.
• Institutes
  – 1997 - Data Mining
  – 1998 - Intelligent Systems
  – 1999
    • Invisible Computing
    • Technologies to Improve Software Development
  – 2000 - Sharing Software Tool Infrastructure
  – 2001 - Specifying and Checking Properties of Software
  – 2003 - Software Security
• Funded by Microsoft Research
• This year Carnegie Mellon joins, in both organizing and funding it (Center for Computer and Communications Security C3S).

Logistics

• Room, travel, reimbursement, excursion, meals, shirts, folders
  – Dakins
• Technical program
  – Wing, Larus, Zahorjan
• Meals
  – Sunday reception and dinner: Stevenson Ballroom “A”
  – All other meals: Main Dining Room
• Net connections
• Meetings
  – Hood Meeting Room
  – Slides to Jim.
• Five Minute Madness (Monday night)
  – Slides, if you want, to me.
  – Transparencies available before and during event

Introductions

• Software Security Institute
  – motivation, overview, and goals
• To each other

Why Are We All Here?

• Security is important.
• Security is hard.
• Software keeps growing in size and complexity.
• Software users keep growing in number and diversity.

How can we build more secure software systems?

• Technical challenges.
• Professional responsibility to society.

The Security Elephant

• Layers
  – Cryptography
  – Protocols (authentication, communication, …)
  – Computer security (O/S, devices, file system, …)
  – Network security (distributed systems, firewalls, intrusion detection, …)
  – Administrators, users, and attackers
• Properties (buzzwords)
  – Confidentiality, integrity, availability, privacy, anonymity, secrecy, trustworthy, high-assurance, …

The Software Elephant

• Layers, artifacts
  – Code, programs
  – Low-level design, specifications & unit tests
  – High-level design (architecture), specifications & system tests
  – Applications, documentation
  – Users
• Properties
  – Correctness, performance, predictability, ease-of-use, …
  – Modularity/composability, simplicity/complexity, …

Past and Present

• Some Old Ideas
  – Orange Book
    • Military-style classifications
    • Formal models of security
    • Complete (top-to-bottom, inside-out) verification
  – Security perimeter
    • Securing a single machine
• Today’s spectrum

[Figure: spectrum diagram with the labels “Theory”, “Management”, “Crypto can’t solve everything” and “Can’t leave it all to the sysadmins”]

Trends Covered Here

• Human-computer interfaces (Mon. morn)
  – Biometrics, usable security, ubiquitous security
• Program analysis techniques (Mon. aft)
  – Overcoming programming language flaws
  – Detecting specific security flaws (e.g., buffer overrun)
  – Checking specific security properties (e.g., information flow)
• Distributed systems techniques (Tues. morn and eve)
  – Replication, secret-sharing, naming, network protocols, worms
• Measuring and managing security (Tues. aft)
  – Field reports from CERT, MS Secure Windows Initiative
• Computer architecture trends (Wed morn)
  – NGSCB (Palladium), bit-level integrity, code obfuscation
• Software engineering practices (Wed aft)
  – Open source, software architecture, privacy architecture
• New mathematical models
  – randomization

Trends (Not Explicitly Covered Here)

• E-commerce
• E-voting
• Spam
• Privacy, a la TIA
• Digital rights management
• Communications, e.g., wireless, broadband
• New mathematical models
  – Game theory
  – Econometrics

Questions for You

• What is the piece of the security puzzle that you are solving?

• How does your solution interact with someone else’s?

• How can you combine your solutions?

• As a practitioner, what design principles do you follow to make your system more secure?

• As a researcher, how does your method/language/tool help developers build more secure software systems?

• What are your principal unmet technical challenges?

Some Personal Musings

1. Reliability and Security

?0 buffer overruns more reliable code more secure system
a. certainly not
b. and if by how much “more secure” really?

2. Components and Compositionality

M1 and M2 M1 + M2 s
a. For what might hold? For what +?
b. For what scale Mi? Function, class, set of …, system of sets of …?
c. How can we check if holds?
d. How can we construct Mi and define + to guarantee holds?
e. Suppose we let s to be different?

Some Personal Musings

3. Security by Design

a. How can we evaluate one design over another wrt security?

b. Are there design rules to follow? Metrics to help evaluation?

4. Security and Privacy

a. What’s the technical distinction?

security = prevents unauthorized access to data

privacy = prevents unauthorized use of data

b. Threat models for privacy

Institute Overview, by the Numbers

• 41 participants
  – 16 industry (11 research labs, 5 other)
  – 22 academia
  – 3 government or independent
• 6 invited talks
• 21 other talks
• 5 challenge problems + 1 silly brain teaser
• 3 town hall discussions
• 1 Five Minute Madness
• 1 work-and-play excursion
• + …some free time!

Institute Goals

• Educate
• Investigate
  – What is the state of the art in building secure software systems?
    • How big is the gap between research and practice?
  – What are the key open problems?
    • E.g., what would make good Ph.D. thesis topics for today’s graduate students interested in security?
• Foster Interaction
  – Town hall discussions
  – Discussions during and after each presentation
  – Half-hour breaks, meals
  – Tuesday afternoon excursion
• Document
  – Presentations: abstracts and slides by speakers
  – Challenge problems, solutions
  – Papers contributed by you
• Have Fun!

Institute Participants

• Dirk Balfanz (PARC)
• Steve Bellovin (AT&T)
• Brian Bershad (UW)
• Christian Collberg (Univ. of Arizona)
• Crispin Cowan (Immunix)
• John DeTreville (Microsoft)
• Carl Ellison (Intel)
• Matt Franklin (UC Davis)
• Li Gong (Sun)
• Steven Gribble (UW)
• Matthias Jacob (Princeton)
• Somesh Jha (Univ. of Wisconsin)
• Dick Kemmerer (UC Santa Barbara)
• Angelos Keromytis (Columbia Univ.)
• Darko Kirovski (Microsoft)
• Larry Koved (IBM)
• Jim Larus (Microsoft)
• Butler Lampson (Microsoft)
• Steve Lipner (Microsoft)
• Tom Longstaff (SEI/CERT)
• Udi Manber (Amazon)
• John Manferdelli (Microsoft)
• Gary McGraw (Cigital)
• Catherine Meadows (NRL)
• Andrew Myers (Cornell Univ.)
• Adrian Perrig (CMU)
• Jon Pincus (Microsoft)
• Radha Poovendran (UW)
• Niels Provos (Univ. of Michigan)
• Mike Reiter (CMU)
• Jim Roskind (formerly of AOL/Netscape)
• Stefan Savage (UC San Diego)
• Fred Schneider (Cornell Univ.)
• Dan Simon (Microsoft)
• Dawn Song (CMU)
• Doug Tygar (UC Berkeley)
• David Wagner (UC Berkeley)
• Dan S. Wallach (Rice Univ.)
• Chenxi Wang (CMU)
• Jeannette Wing (CMU)
• John Zahorjan (UW)

Introductions

• Name
• Affiliation: institution, title
• One short sentence