Alan Cox

Fellow, Red Hat

Computer Security - The Next 50 Years
20 minutes, 9.3mb, recorded 2005-10-18
Alan Cox
Security and validation are critical issues in computing, and the next fifty years will be harder than the last. There are a number of proven programming techniques and design approaches which are already helping to harden our modern systems, but each of these must be carefully balanced with usability in order to be effective. In this talk, Alan Cox, fellow at Red Hat Linux, explores the future of what may be the biggest threat facing software engineers, the unverified user.

The well meaning user, often an employee of the company, represents a particular threat to computer systems because they work within the security perimeter and must be handled gently. Software developers are beginning to build some established security techniques into their code in order to protect the system from malicious exploits and well intentioned blunders. For example, some tools in the GCC compiler can now detect buffer overflows which no amount of code gazing had revealed before. Modularity, variation, and randomization of memory, file handles or process IDs can also help limit the spread of exploits. Breaking systems into components means that discreet rules can be imposed in order to limit the tasks which different pieces can execute. This approach could, for example, be used to define the allowable actions of an image viewer very precisely, reducing the possibility that the viewer could be hijacked to spawn a shell for malicious intent. Separation of secrets is another helpful concept. For example, a bluetooth phone can work very well as a remote security device for user verification.

No matter how good our prevention methods get, Cox argues we must understand ways to mitigate attacks. Flaws in software are inevitable, and bound to grow given the complexity and ever more rapid development cycles. A current emphasis in RedHat's Security-enhanced Linux (SELinux) is to defend against the user as a point of vulnerability to viruses and spyware. The computer can be taught to enforce security policies that the users themselves are unlikely to uphold, given their propensity to ignore advisories and software dialog boxes. Software engineers must build in security that is active by default, and they must understand the user so that security tools are actually used. If security thwarts the users or makes them stop and answer hard questions, the users will inevitably bypass even the strongest security measures.

Alan Cox has been working on Linux since 1992. He was one of the original authors of both networking and multi-processor support for the Linux kernel. Cox was the original CERT security contact for Linux and continues to this day to be involved in the vendor-sec Linux security work for Red Hat as well as in security and IP policy through the Foundation for Information Policy Research

This free podcast is from our OSCON Europe series.

For The Conversations Network: