Sort By:

Trustworthy AI using Confidential Federated Learning:
Federated learning and confidential computing are not competing technologies.

The principles of security, privacy, accountability, transparency, and fairness are the cornerstones of modern AI regulations. Classic FL was designed with a strong emphasis on security and privacy, at the cost of transparency and accountability. CFL addresses this gap with a careful combination of FL with TEEs and commitments. In addition, CFL brings other desirable security properties, such as code-based access control, model confidentiality, and protection of models during inference. Recent advances in confidential computing such as confidential containers and confidential GPUs mean that existing FL frameworks can be extended seamlessly to support CFL with low overheads.

by Jinnan Guo, Peter Pietzuch, Andrew Paverd, Kapil Vaswani | May 24, 2024


Confidential Computing or Cryptographic Computing?:
Tradeoffs between cryptography and hardware enclaves

Secure computation via MPC/homomorphic encryption versus hardware enclaves presents tradeoffs involving deployment, security, and performance. Regarding performance, it matters a lot which workload you have in mind. For simple workloads such as simple summations, low-degree polynomials, or simple machine-learning tasks, both approaches can be ready to use in practice, but for rich computations such as complex SQL analytics or training large machine-learning models, only the hardware enclave approach is at this moment practical enough for many real-world deployment scenarios.

by Raluca Ada Popa | May 23, 2024


Confidential Container Groups:
Implementing confidential computing on Azure container instances

The experiments presented here demonstrate that Parma, the architecture that drives confidential containers on Azure container instances, adds less than one percent additional performance overhead beyond that added by the underlying TEE. Importantly, Parma ensures a security invariant over all reachable states of the container group rooted in the attestation report. This allows external third parties to communicate securely with containers, enabling a wide range of containerized workflows that require confidential access to secure data. Companies obtain the advantages of running their most confidential workflows in the cloud without having to compromise on their security requirements.

by Matthew A. Johnson, Stavros Volos, Ken Gordon, Sean T. Allen, Christoph M. Wintersteiger, Sylvan Clebsch, John Starks, Manuel Costa | May 22, 2024


Elevating Security with Arm CCA:
Attestation and verification are integral to adopting confidential computing.

Confidential computing has great potential to improve the security of general-purpose computing platforms by taking supervisory systems out of the TCB, thereby reducing the size of the TCB, the attack surface, and the attack vectors that security architects must consider. Confidential computing requires innovations in platform hardware and software, but these have the potential to enable greater trust in computing, especially on devices that are owned or controlled by third parties. Early consumers of confidential computing will need to make their own decisions about the platforms they choose to trust.

by Charles Garcia-Tobin, Mark Knight | May 17, 2024


Developer Ecosystems for Software Safety:
Continuous assurance at scale

How to design and implement information systems so that they are safe and secure is a complex topic. Both high-level design principles and implementation guidance for software safety and security are well established and broadly accepted. For example, Jerome Saltzer and Michael Schroeder's seminal overview of principles of secure design was published almost 50 years ago, and various community and governmental bodies have published comprehensive best practices about how to avoid common software weaknesses.

by Christoph Kern | February 29, 2024


The Security Jawbreaker:
Access to a system should not imply authority to use it. Enter the principle of complete mediation.

When someone stands at the front door of your home, what are the steps to let them in? If it is a member of the family, they use their house key, unlocking the door using the authority the key confers. For others, a knock at the door or doorbell ring prompts you to make a decision. Once in your home, different individuals have differing authority based on who they are. Family members have access to your whole home. A close friend can roam around unsupervised, with a high level of trust. An appliance repair person is someone you might supervise for the duration of the job to be done.

by Phil Vachon | December 3, 2023


Protecting Secrets from Computers

Bob is in prison and Alice is dead; they trusted computers with secrets. Review time-tested tricks that can help you avoid the grim fate of the old crypto couple.

by Terence Kelly | September 20, 2023


Creating the First Confidential GPUs:
The team at NVIDIA brings confidentiality and integrity to user code and data for accelerated computing.

Today's datacenter GPU has a long and storied 3D graphics heritage. In the 1990s, graphics chips for PCs and consoles had fixed pipelines for geometry, rasterization, and pixels using integer and fixed-point arithmetic. In 1999, NVIDIA invented the modern GPU, which put a set of programmable cores at the heart of the chip, enabling rich 3D scene generation with great efficiency.

by Gobikrishna Dhanuskodi, Sudeshna Guha, Vidhya Krishnan, Aruna Manjunatha, Michael O'Connor, Rob Nertney, Phil Rogers | September 7, 2023


Why Should I Trust Your Code?:
Confidential computing enables users to authenticate code running in TEEs, but users also need evidence this code is trustworthy.

For Confidential Computing to become ubiquitous in the cloud, in the same way that HTTPS became the default for networking, a different, more flexible approach is needed. Although there is no guarantee that every malicious code behavior will be caught upfront, precise auditability can be guaranteed: Anyone who suspects that trust has been broken by a confidential service should be able to audit any part of its attested code base, including all updates, dependencies, policies, and tools. To achieve this, we propose an architecture to track code provenance and to hold code providers accountable. At its core, a new Code Transparency Service (CTS) maintains a public, append-only ledger that records all code deployed for confidential services.

by Antoine Delignat-Lavaud, Cédric Fournet, Kapil Vaswani, Sylvan Clebsch, Maik Riechert, Manuel Costa, Mark Russinovich | September 7, 2023


Hardware VM Isolation in the Cloud:
Enabling confidential computing with AMD SEV-SNP technology

Confidential computing is a security model that fits well with the public cloud. It enables customers to rent VMs while enjoying hardware-based isolation that ensures that a cloud provider cannot purposefully or accidentally see or corrupt their data. SEV-SNP was the first commercially available x86 technology to offer VM isolation for the cloud and is deployed in Microsoft Azure, AWS, and Google Cloud. As confidential computing technologies such as SEV-SNP develop, confidential computing is likely to simply become the default trust model for the cloud.

by David Kaplan | September 7, 2023


Confidential Computing: Elevating Cloud Security and Privacy:
Working toward a more secure and innovative future

Confidential Computing (CC) fundamentally improves our security posture by drastically reducing the attack surface of systems. While traditional systems encrypt data at rest and in transit, CC extends this protection to data in use. It provides a novel, clearly defined security boundary, isolating sensitive data within trusted execution environments during computation. This means services can be designed that segment data based on least-privilege access principles, while all other code in the system sees only encrypted data. Crucially, the isolation is rooted in novel hardware primitives, effectively rendering even the cloud-hosting infrastructure and its administrators incapable of accessing the data.

by Mark Russinovich | September 7, 2023


How Flexible is CXL's Memory Protection?:
Replacing a sledgehammer with a scalpel

CXL, a new interconnect standard for cache-coherent memory sharing, is becoming a reality - but its security leaves something to be desired. Decentralized capabilities are flexible and resilient against malicious actors, and should be considered while CXL is under active development.

by Samuel W. Stark, A. Theodore Markettos, Simon W. Moore | July 5, 2023


Security Mismatch:
Security must be a business enabler, not a hinderer.

Information security teams that say 'no' need to change. Hiding behind a moat makes repelling attacks easy, but bridges allow you to replenish supplies and foster relationships with customers? castles. Remember, a security team's role is to empower their business to move forward with confidence, not to hinder progress.

by Phil Vachon | July 3, 2023


Opportunity Cost and Missed Chances in Optimizing Cybersecurity:
The loss of potential gain from other alternatives when one alternative is chosen

Opportunity cost should not be an afterthought when making security decisions. One way to ease into considering complex alternatives is to consider the null baseline of doing nothing instead of the choice at hand. Opportunity cost can feel abstract, elusive, and imprecise, but it can be understood by everyone, given the right introduction and framing. Using the approach presented here will make it natural and accessible.

by Kelly Shortridge, Josiah Dykstra | April 4, 2023


The Rise of Fully Homomorphic Encryption:
Often called the Holy Grail of cryptography, commercial FHE is near.

Once commercial FHE is achieved, data access will become completely separated from unrestricted data processing, and provably secure storage and computation on untrusted platforms will become both relatively inexpensive and widely accessible. In ways similar to the impact of the database, cloud computing, PKE, and AI, FHE will invoke a sea change in how confidential information is protected, processed, and shared, and will fundamentally change the course of computing at a foundational level.

by Mache Creeger | September 26, 2022


From Zero to One Hundred:
Demystifying zero trust and its implications on enterprise people, process, and technology

Changing network landscapes and rising security threats have imparted a sense of urgency for new approaches to security. Zero trust has been proposed as a solution to these problems, but some regard it as a marketing tool to sell existing best practice while others praise it as a new cybersecurity standard. This article discusses the history and development of zero trust and why the changing threat landscape has led to a new discourse in cybersecurity.

by Matthew Bush, Atefeh Mashatan | September 19, 2022


The Arrival of Zero Trust: What Does it Mean?

It used to be that enterprise cybersecurity was all castle and moat. First, secure the perimeter and then, in terms of what went on inside that, Trust, but verify. The perimeter, of course, was the corporate network. But what does that even mean at this point? With most employees now working from home at least some of the time and organizations relying increasingly on cloud computing, there is no such thing as a single, enterprise-wide perimeter anymore. And, with corporate security breaches having become a regular news item over the past two decades, trust has essentially evaporated as well.

by Michael Loftus, Andrew Vezina, Rick Doten, Atefeh Mashatan | September 16, 2022


Securing the Company Jewels:
GitHub and runbook security

Often the problem with a runbook isn't the runbook itself, it's the runner of the runbook that matters. A runbook, or a checklist, is supposed to be an aid to memory and not a replacement for careful and independent thought. But our industry being what it is, we now see people take these things to their illogical extremes, and I think this is the problem you are running into with your local runbook runner.

by George V. Neville-Neil | July 25, 2022


When Should a Black Box Be Transparent?:
When is a replacement not a replacement?

The right answer in these cases is to ask the vendor for as much information as possible to reduce the risk in accepting this so-called replacement. First, ask for the test plans and test output so you can understand whether they tested the component in a way that relates to your use case. Just because they tested the thing doesn't mean they tested all the parts your product cares about. In fact, it's unlikely they did.

by George V. Neville-Neil | June 1, 2022


Lamboozling Attackers: A New Generation of Deception:
Software engineering teams can exploit attackers' human nature by building deception environments.

The goal of this article is to educate software leaders, engineers, and architects on the potential of deception for systems resilience and the practical considerations for building deception environments. By examining the inadequacy and stagnancy of historical deception efforts by the information security community, the article also demonstrates why engineering teams are now poised to become significantly more successful owners of deception systems.

by Kelly Shortridge, Ryan Petrich | October 28, 2021


Quantum-safe Trust for Vehicles:
The race is already on

In the automotive industry, cars now coming off assembly lines are sometimes referred to as "rolling data centers" in acknowledgment of all the entertainment and communications capabilities they contain. The fact that autonomous driving systems are also well along in development does nothing to allay concerns about security. Indeed, it would seem the stakes of automobile cybersecurity are about to become immeasurably higher just as some of the underpinnings of contemporary cybersecurity are rendered moot.

by Michael Gardiner, Alexander Truskovsky, George Neville-Neil, Atefeh Mashatan | May 24, 2021


The Complex Path to Quantum Resistance:
Is your organization prepared?

There is a new technology on the horizon that will forever change the information security and privacy industry landscape. Quantum computing, together with quantum communication, will have many beneficial applications but will also be capable of breaking many of today's most popular cryptographic techniques that help ensure data protection?in particular, confidentiality and integrity of sensitive information. These techniques are ubiquitously embedded in today's digital fabric and implemented by many industries such as finance, health care, utilities, and the broader information communication technology (ICT) community.

by Atefeh Mashatan, Douglas Heintzman | May 17, 2021


The Die is Cast:
Hardware Security is Not Assured

The future of hardware security will evolve with hardware. As packaging advances and focus moves to beyond Moore's law technologies, hardware security experts will need to keep ahead of changing security paradigms, including system and process vulnerabilities. Research focused on quantum hacking is emblematic of the translation of principles of security on the physical attack plane for emerging communications and computing technologies. Perhaps the commercial market will evolve such that the GAO will run a study on compromised quantum technologies in the not-too-distant future.

by Edlyn V. Levine | October 20, 2020


Security Analysis of SMS as a Second Factor of Authentication:
The challenges of multifactor authentication based on SMS, including cellular security deficiencies, SS7 exploits, and SIM swapping

Despite their popularity and ease of use, SMS-based authentication tokens are arguably one of the least secure forms of two-factor authentication. This does not imply, however, that it is an invalid method for securing an online account. The current security landscape is very different from that of two decades ago. Regardless of the critical nature of an online account or the individual who owns it, using a second form of authentication should always be the default option, regardless of the method chosen.

by Roger Piqueras Jover | September 22, 2020


Broken Hearts and Coffee Mugs:
The ordeal of security reviews

Overall, there are two broad types of security review: white box and black box. A white-box review is one in which the attackers have nearly full access to information such as code, design documents, and other information that will make it easier for them to design and carry out a successful attack. A black-box review, or test, is one in which the attackers can see the system only in the same way that a normal user or consumer would.

by George Neville-Neil | June 17, 2020


Time Protection in Operating Systems and Speaker Legitimacy Detection:
Operating system-based protection from timing-based side-channel attacks; implications of voice-imitation software

Timing-based side-channel attacks are a particularly tricky class of attacks to deal with because the very thing you’re often striving for can give you away. There are always more creative new instances of attacks to be found, so you need a principled way of thinking about defenses that address the class, not just a particular instantiation. That’s what Ge et al. give us in "Time Protection, the Missing OS Abstraction." Just as operating systems prevent spatial inference through memory protection, so future operating systems will need to prevent temporal inference through time protection. It’s going to be a long road to get there.

by Adrian Colyer | July 9, 2019


Security for the Modern Age:
Securely running processes that require the entire syscall interface

Giving operators a usable means of securing the methods they use to deploy and run applications is a win for everyone. Keeping the usability-focused abstractions provided by containers, while finding new ways to automate security and defend against attacks, is a great path forward.

by Jessie Frazelle | December 19, 2018


Understanding Database Reconstruction Attacks on Public Data:
These attacks on statistical databases are no longer a theoretical danger.

With the dramatic improvement in both computer speeds and the efficiency of SAT and other NP-hard solvers in the last decade, DRAs on statistical databases are no longer just a theoretical danger. The vast quantity of data products published by statistical agencies each year may give a determined attacker more than enough information to reconstruct some or all of a target database and breach the privacy of millions of people. Traditional disclosure-avoidance techniques are not designed to protect against this kind of attack.

by Simson Garfinkel, John M. Abowd, Christian Martindale | November 28, 2018


How to Live in a Post-Meltdown and -Spectre World:
Learn from the past to prepare for the next battle.

Spectre and Meltdown create a risk landscape that has more questions than answers. This article addresses how these vulnerabilities were triaged when they were announced and the practical defenses that are available. Ultimately, these vulnerabilities present a unique set of circumstances, but for the vulnerability management program at Goldman Sachs, the response was just another day at the office.

by Rich Bennett, Craig Callahan, Stacy Jones, Matt Levine, Merrill Miller, Andy Ozment | September 25, 2018


Reducing the Attack Surface:
Sometimes you can give the monkey a less dangerous club.

The best way to reduce the attack surface of a piece of software is to remove any unnecessary code. Since you now have two teams demanding that you leave in the code, it’s probably time to think about making two different versions of your binary. The application sounds like it’s an embedded system, so I’ll guess that it’s written in C and take it from there.

by George Neville-Neil | November 14, 2017


Bitcoin’s Academic Pedigree:
The concept of cryptocurrencies is built from forgotten ideas in research literature.

We’ve seen repeatedly that ideas in the research literature can be gradually forgotten or lie unappreciated, especially if they are ahead of their time, even in popular areas of research. Both practitioners and academics would do well to revisit old ideas to glean insights for present systems. Bitcoin was unusual and successful not because it was on the cutting edge of research on any of its components, but because it combined old ideas from many previously unrelated fields. This is not easy to do, as it requires bridging disparate terminology, assumptions, etc., but it is a valuable blueprint for innovation.

by Arvind Narayanan, Jeremy Clark | August 29, 2017


IoT: The Internet of Terror:
If it seems like the sky is falling, that’s because it is.

It is true that many security-focused engineers can sound like Chicken Little, running around announcing that the sky is falling, but, unless you’ve been living under a rock, you will notice that, indeed, the sky IS falling. Not a day goes by without a significant attack against networked systems making the news, and the Internet of Terror is leading the charge in taking distributed systems down the road to hell - a road that you wish to pave with your good intentions.

by George Neville-Neil | July 6, 2017


Internal Access Controls:
Trust, but Verify

Every day seems to bring news of another dramatic and high-profile security incident, whether it is the discovery of longstanding vulnerabilities in widely used software such as OpenSSL or Bash, or celebrity photographs stolen and publicized. There seems to be an infinite supply of zero-day vulnerabilities and powerful state-sponsored attackers. In the face of such threats, is it even worth trying to protect your systems and data? What can systems security designers and administrators do?

by Geetanjali Sampemane | December 10, 2014


Quality Software Costs Money - Heartbleed Was Free:
How to generate funding for FOSS

The world runs on free and open-source software, FOSS for short, and to some degree it has predictably infiltrated just about any software-based product anywhere in the world.

by Poul-Henning Kamp | June 19, 2014


Who Must You Trust?:
You must have some trust if you want to get anything done.

In his novel The Diamond Age, author Neal Stephenson describes a constructed society (called a phyle) based on extreme trust in one’s fellow members. Part of the membership requirements is that, from time to time, each member is called upon to undertake certain tasks to reinforce that trust. For example, a phyle member might be told to go to a particular location at the top of a cliff at a specific time, where he will find bungee cords with ankle harnesses attached. The other ends of the cords trail off into the bushes. At the appointed time he is to fasten the harnesses to his ankles and jump off the cliff.

by Thomas Wadlow | May 30, 2014


Finding More Than One Worm in the Apple:
If you see something, say something.

In February Apple revealed and fixed an SSL (Secure Sockets Layer) vulnerability that had gone undiscovered since the release of iOS 6.0 in September 2012. It left users vulnerable to man-in-the-middle attacks thanks to a short circuit in the SSL/TLS (Transport Layer Security) handshake algorithm introduced by the duplication of a goto statement. Since the discovery of this very serious bug, many people have written about potential causes.

by Mike Bland | May 12, 2014


The NSA and Snowden: Securing the All-Seeing Eye:
How good security at the NSA could have stopped him

Edward Snowden, while an NSA (National Security Agency) contractor at Booz Allen Hamilton in Hawaii, copied up to 1.7 million top-secret and above documents, smuggling copies on a thumb drive out of the secure facility in which he worked, and later released many to the press. This has altered the relationship of the U.S. government with the American people, as well as with other countries. This article examines the computer security aspects of how the NSA could have prevented this, perhaps the most damaging breach of secrets in U.S. history.

by Bob Toxen | April 28, 2014


Please Put OpenSSL Out of Its Misery:
OpenSSL must die, for it will never get any better.

The OpenSSL software package is around 300,000 lines of code, which means there are probably around 299 bugs still there, now that the Heartbleed bug which allowed pretty much anybody to retrieve internal state to which they should normally not have access has been fixed.

by Poul-Henning Kamp | April 12, 2014


Rate-limiting State:
The edge of the Internet is an unruly place

By design, the Internet core is dumb, and the edge is smart. This design decision has enabled the Internet’s wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we’re at the mercy of scale when it comes to the quality of the Internet’s aggregate traffic load. Not all device and software builders have the skills and the quality assurance budgets that something the size of the Internet deserves.

by Paul Vixie | February 4, 2014


Resolved: the Internet Is No Place for Critical Infrastructure:
Risk is a necessary consequence of dependence

What is critical? To what degree is critical defined as a matter of principle, and to what degree is it defined operationally? I am distinguishing what we say from what we do.

by Dan Geer | April 26, 2013


A Decade of OS Access-control Extensibility:
Open source security foundations for mobile and embedded devices

To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security; Type Enforcement in SELinux; anti-malware products; app sandboxing in Apple OS X, Apple iOS, and Google Android; and application-facing systems such as Capsicum in FreeBSD. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to ’security localization’ - the adaptation of operating-system security models to site-local or product-specific requirements.

by Robert N. M. Watson | January 18, 2013


Rethinking Passwords:
Our authentication system is lacking. Is improvement possible?

There is an authentication plague upon the land. We have to claim and assert our identity repeatedly to a host of authentication trolls, each jealously guarding an Internet service of some sort. Each troll has specific rules for passwords, and the rules vary widely and incomprehensibly.

by William Cheswick | December 31, 2012


LinkedIn Password Leak: Salt Their Hide:
If it does not take a full second to calculate the password hash, it is too weak.

6.5 million unsalted SHA1 hashed LinkedIn passwords have appeared in the criminal underground. There are two words in that sentence that should cause LinkedIn no end of concern: "unsalted" and "SHA1."

by Poul-Henning Kamp | June 7, 2012


SAGE: Whitebox Fuzzing for Security Testing:
SAGE has had a remarkable impact at Microsoft.

Most ACM Queue readers might think of "program verification research" as mostly theoretical with little impact on the world at large. Think again. If you are reading these lines on a PC running some form of Windows (like 93-plus percent of PC users--that is, more than a billion people), then you have been affected by this line of work--without knowing it, which is precisely the way we want it to be.

by Patrice Godefroid, Michael Y. Levin, David Molnar | January 11, 2012


How to Improve Security?:
It takes more than flossing once a year.

We recently had a security compromise at work, and now the whole IT department is scrambling to improve security. One problem this whole episode has brought to light is that so much security advice is generic. It’s like being told to lock your door when you go out at night, without saying what kind of lock you ought to own or how many are enough to protect your house. I think by now most people know they need to lock their doors, so why aren’t there more specific guidelines for securing systems?

by George Neville-Neil | August 12, 2011


Weapons of Mass Assignment:
A Ruby on Rails app highlights some serious, yet easily avoided, security vulnerabilities.

In May 2010, during a news cycle dominated by users’ widespread disgust with Facebook privacy policies, a team of four students from New York University published a request for $10,000 in donations to build a privacy-aware Facebook alternative. The software, Diaspora, would allow users to host their own social networks and own their own data. The team promised to open-source all the code they wrote, guaranteeing the privacy and security of users’ data by exposing the code to public scrutiny. With the help of front-page coverage from the New York Times, the team ended up raising more than $200,000.

by Patrick McKenzie | March 30, 2011


National Internet Defense - Small States on the Skirmish Line:
Attacks in Estonia and Georgia highlight key vulnerabilities in national Internet infrastructure.

Despite the global and borderless nature of the Internet’s underlying protocols and driving philosophy, there are significant ways in which it remains substantively territorial. Nations have policies and laws that govern and attempt to defend "their Internet". This is far less palpable than a nation’s physical territory or even than "its air" or "its water". Cyberspace is still a much wilder frontier, hard to define and measure. Where its effects are noted and measurable, all too often they are hard to attribute to responsible parties.

by Ross Stapleton-Gray, Bill Woodcock | January 19, 2011


The Theft of Business Innovation: Overview:
An overview of key points discussed in the joint ACM-BCS Roundtable on Threats to Global to Competitiveness.

The joint ACM-BCS Roundtable on Threats to Global Competitiveness focuses on the new business security realities resulting from having practically all business information directly or indirectly connected to the Internet and the increased speed and volume of information movement. This new environment has enabled an entirely new dimension in what has been considered important business value-creation assets and in the criminal ways that information can be stolen or used to harm its owner. What follows are the key points from that broader conversation.

November 5, 2010


The Theft of Business Innovation: An ACM-BCS Roundtable on Threats to Global Competitiveness:
These days, cybercriminals are looking to steal more than just banking information.

Valuable information assets stretch more broadly than just bank accounts, financial-services transactions, or secret, patentable inventions. In many cases, everything that defines a successful business model resides on one or more directly or indirectly Internet-connected personal computers (e-mail, spreadsheets, word-processing documents, etc.) , in corporate databases, in software that implements business practices, or collectively on thousands of TCP/IP-enabled realtime plant controllers. While not the traditional high-powered information repositories one normally thinks of as attractive intellectual property targets, these systems do represent a complete knowledge set of a business’ operations.

by Mache Creeger | November 1, 2010


Lessons from the Letter:
Security flaws in a large organization

I recently received a letter in which a company notified me that they had exposed some of my personal information. While it is now quite common for personal data to be stolen, this letter amazed me because of how well it pointed out two major flaws in the systems of the company that lost the data. I am going to insert three illuminating paragraphs here and then discuss what they actually can teach us.

by George V. Neville-Neil | July 22, 2010


The Virtue of Paranoia:
A koder with attitude, KV answers your questions. Miss Manners he ain’t.

Dear KV, I just joined a company that massages large amounts of data into an internal format for its own applications to work on. Although the data is backed up regularly, I have noticed that access to this data, which has accumulated to be several petabytes in size, is not particularly well secured. There is no encryption, and although the data is not easily reachable from the Internet, everyone at the company has direct access to the volumes, both physically and electronically, all the time.

by George Neville-Neil | July 28, 2008


A Behavioral Approach to Security:
Analyzing the behavior of suspicious code

The CTO of Finjan, Yuval Ben-Itzhak, makes a strong case for a new approach to security that relies more on analyzing the behavior of suspicious code than signatures that have to developed after the attacks have already started.

July 21, 2008


The Silent Security Epidemic:
Developers are challenged by attacks that target certain types of applications.

Although the industry is generally getting better with dealing with routine types of security attacks, developers are today being challenged by more complex attacks that not only flow below the radar, but also specifically target certain types of applications. In this Queuecast edition, Ryan Sherstobitoff, CTO of Panda Software describes what new types of sophisticated attacks are being created and what proactive steps developers need to take to protect their applications.

July 21, 2008


Intellectual Property and Software Piracy:
The Power of IP Protection and Software Licensing, an interview with Aladdin vice president Gregg Gronowski

We’re here today to talk about intellectual property and the whole issue of software piracy and our friends at Aladdin are considered one of the de facto standards today for protecting software IP, preventing software piracy, and enabling software licensing and compliance. So joining us today to discuss that topic is Aladdin Vice President, Greg Gronowski.

July 14, 2008


Document & Media Exploitation:
The DOMEX challenge is to turn digital bits into actionable intelligence.

A computer used by Al Qaeda ends up in the hands of a Wall Street Journal reporter. A laptop from Iran is discovered that contains details of that country’s nuclear weapons program. Photographs and videos are downloaded from terrorist Web sites. As evidenced by these and countless other cases, digital documents and storage devices hold the key to many ongoing military and criminal investigations. The most straightforward approach to using these media and documents is to explore them with ordinary tools—open the word files with Microsoft Word, view the Web pages with Internet Explorer, and so on.

by Simson L. Garfinkel | January 17, 2008


The Seven Deadly Sins of Linux Security:
Avoid these common security risks like the devil.

The problem with security advice is that there is too much of it and that those responsible for security certainly have too little time to implement all of it. The challenge is to determine what the biggest risks are and to worry about those first and about others as time permits. Presented here are the seven common problems - the seven deadly sins of security - most likely to allow major damage to occur to your system or bank account.

by Bob Toxen | June 7, 2007


The Evolution of Security:
What can nature tell us about how best to manage our risks?

Security people are never in charge unless an acute embarrassment has occurred. Otherwise, their advice is tempered by “economic reality,” which is to say that security is a means, not an end. This is as it should be. Since means are about tradeoffs, security is about trade-offs, but you knew all that. Our tradeoff decisions can be hard to make, and these hard-to-make decisions come in two varieties. One type occurs when the uncertainty of the alternatives is so great that they can’t be sorted in terms of probable effect. As such, other factors such as familiarity or convenience will drive the decision.

by Daniel E. Geer | May 4, 2007


Open vs. Closed:
Which source is more secure?

There is no better way to start an argument among a group of developers than proclaiming Operating System A to be "more secure" than Operating System B. I know this from first-hand experience, as previous papers I have published on this topic have led to reams of heated e-mails directed at me - including some that were, quite literally, physically threatening. Despite the heat (not light!) generated from attempting to investigate the relative security of different software projects, investigate we must.

by Richard Ford | February 2, 2007


One Step Ahead:
Security vulnerabilities abound, but a few simple steps can minimize your risk.

Every day IT departments are involved in an ongoing struggle against hackers trying to break into corporate networks. A break-in can carry a hefty price: loss of valuable information, tarnishing of the corporate image and brand, service interruption, and hundreds of resource hours of recovery time. Unlike other aspects of information technology, security is adversarial. It pits IT departments against hackers.

by Vlad Gorelik | February 2, 2007


A Conversation with Jamie Butler:
Rootkitting out all evil

Rootkit technology hit center stage in 2005 when analysts discovered that Sony BMG surreptitiously installed a rootkit as part of its DRM (digital rights management) solution. Although that debacle increased general awareness of rootkits, the technology remains the scourge of the software industry through its ability to hide processes and files from detection by system analysis and anti-malware tools.

by John Stanik | February 2, 2007


Pointless PKI:
A koder with attitude, KV answers your questions. Miss Manners he ain’t.

We’ve had problems in the past with internal compromises, and management has decided that the only way to protect the information is to encrypt it during transmission.

by George Neville-Neil | July 27, 2006


Attack Trends: 2004 and 2005:
Hacking has moved from a hobbyist pursuit with a goal of notoriety to a criminal pursuit with a goal of money.

Counterpane Internet Security Inc. monitors more than 450 networks in 35 countries, in every time zone. In 2004 we saw 523 billion network events, and our analysts investigated 648,000 security “tickets.” What follows is an overview of what’s happening on the Internet right now, and what we expect to happen in the coming months.

by Bruce Schneier | July 6, 2005


Security - Problem Solved?:
Solutions to many of our security problems already exist, so why are we still so vulnerable?

There are plenty of security problems that have solutions. Yet, our security problems don’t seem to be going away. What’s wrong here? Are consumers being offered snake oil and rejecting it? Are they not adopting solutions they should be adopting? Or, is there something else at work, entirely? We’ll look at a few places where the world could easily be a better place, but isn’t, and build some insight as to why.

by John Viega | July 6, 2005


The Answer is 42 of Course:
If we want our networks to be sufficiently difficult to penetrate, we’ve got to ask the right questions.

Why is security so hard? As a security consultant, I’m glad that people feel that way, because that perception pays my mortgage. But is it really so difficult to build systems that are impenetrable to the bad guys?

by Thomas Wadlow | July 6, 2005


A Conversation with Peter Tippett and Steven Hofmeyr:
Two leaders in the field of computer security discuss the influence of biomedicine on their work, and more.

There have always been similarities and overlap between the worlds of biology and computer science. Nowhere is this more evident than in computer security, where the basic terminology of viruses and infection is borrowed from biomedicine.

by Jim Maurer | July 6, 2005


Vote Early, Vote Often:
An e-vote by any other name?

I usually shun clichés like the plague, but could not resist this oft-quoted slogan that sums up what I like to call Psephological Cynicism. Psephology is the huge and growing branch of mathematics (with frequent distractions from sociologists, psychologists, political scientists, and allied layabouts) that studies the structure and effectiveness of polling and electoral strategies. Related domains include probability and games theory, although, as well see, the subject has many far-from-playful implications.

by Stan Kelly-Bootle | October 25, 2004


Security is Harder than You Think:
It’s not just about the buffer overflow.

Many developers see buffer overflows as the biggest security threat to software and believe that there is a simple two-step process to secure software: switch from C or C++ to Java, then start using SSL (Secure Sockets Layer) to protect data communications. It turns out that this naïve tactic isn’t sufficient. In this article, we explore why software security is harder than people expect, focusing on the example of SSL.

by John Viega, Matt Messier | August 31, 2004


The Insider, Naivety, and Hostility: Security Perfect Storm?:
Keeping nasties out if only half the battle.

Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and individuals monitor countless logs and sensors for even the subtlest hints of network penetration. Vendors and IT managers have focused on keeping the wily hacker outside the network perimeter, but very few technological measures exist to guard against insiders - those entities that operate inside the fortified network boundary. The 2002 CSI/FBI survey estimates that 70 percent of successful attacks come from the inside. Several other estimates place those numbers even higher.

by Herbert H Thompson, Richard Ford | August 31, 2004


Security: The Root of the Problem:
Why is it we can’t seem to produce secure, high-quality code?

Security bug? My programming language made me do it! It doesn’t seem that a day goes by without someone announcing a critical flaw in some crucial piece of software or other. Is software that bad? Are programmers so inept? What the heck is going on, and why is the problem getting worse instead of better?

by Marcus J Ranum | August 31, 2004


Sensible Authentication:
According to the author of Beyond Fear, it’s not enough to know who you are; you’ve got to prove it.

The problem with securing assets and their functionality is that, by definition, you don’t want to protect them from everybody. It makes no sense to protect assets from their owners, or from other authorized individuals (including the trusted personnel who maintain the security system). In effect, then, all security systems need to allow people in, even as they keep people out. Designing a security system that accurately identifies, authenticates, and authorizes trusted individuals is highly complex and filled with nuance, but critical to security.

by Bruce Schneier | February 24, 2004


Uncrackable Passwords:
Companies such as Apple, Dell, Gateway, and MicronPC are marketing fingerprint readers or developing add-ons.

As a result of “heightened demands” for secure computing, PC makers are taking a serious look at biometrics. MPC’s TransPort laptops, for example, use heat-sensitive scans integrated into the system’s BIOS. The MPC’s TouchChip captures fingerprint scans from the laptop’s palmrest. A laptop can be registered to multiple users, who can each designate which files, folders, or directories will be shared. Very James Bond.

October 1, 2003