Recoverability as a First-Class Security Objective Proceedings of a Workshop (2018) / Chapter Skim
Currently Skimming:
1 Introduction and Framing
1 Introduction and Framing
Pages 1-8
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 1... ...
OPENING REMARKS Fred B Schneider, Forum Chair Fred Schneider, the Samuel B
|
From page 2... ...
FRAMING KEYNOTE: A BROAD VIEW OF RECOVERY Butler W Lampson, Microsoft Research Butler Lampson, technical fellow at Microsoft Research, kicked off the workshop with a keynote address framing the issue of recovery.
|
From page 3... ...
Current cybersecurity approaches provide some minimal facilities for prevention and recovery, such as securing simple programs and isolating complex programs or sanitizing their inputs. However, Lampson said current approaches fall short in securing more complex systems or maintaining security after changes are made.
|
From page 4... ...
The abilities to mitigate the effects of a successful attack and to reliably recover either to full functionality, or to a well-understood set of critical functionalities, are important; in some circumstances, recovering to full functional ity is more important than the ability to protect confidentiality. This workshop will explore such recoverability as a first-class security objective -- at different granularities (from documents to data centers)
|
From page 5... ...
DevOps and system administration communities have an important role to play in improving the recoverability of systems. Topics speakers at the workshop will be invited to address: Policies and Practices • How to design effective organizational policies, terms of service, and/or guarantees that provide sufficient incen tive for services to reliably recover from disruption; what policy and organizational changes help to improve recoverability prospects?
|
From page 6... ...
In addition, audit logs and user authentication can be used to detect unusual behavior. Lampson explained that in addition to helping restore the system to a good state, these foundational elements enable accountability, and ultimately blame, so that offenders can be found and punished, whether with jail time, fines, being fired, or some other accountability measure.
|
From page 7... ...
The code for other, less critical functions of the light could be physically separate from these critical code components and not be able to override the safety-critical code. Lampson noted that while such approaches are feasible in a smaller system such as a traffic light, implementing them in more complex IoT devices, such as self-driving cars, will be more challenging.
|
From page 8... ...
Peter Swire, Georgia Institute of Technology, pointed out that other domains, such as counterterrorism, are moving toward emphasizing prevention rather than punishment -- the opposite of the retroactive approach Lampson proposes. It is a comfortable myth to believe that our lives or our computers and devices can be made fully secure, Lampson said, but it is not possible to prevent all threats from being realized.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.