I don't think I shall get there, but it is likely to be interesting.
Organised by among others the London LUG - LONIX
"Should Security Mechanisms be Secret?"
Ross Anderson
6pm (tea) for 6.40pm, Tue 11 Feb 2003
A free-entry talk at City University, London EC1
Please see http://www.lonix.org.uk to register for attendance and to get information about travel and arrival procedure
For a web notice for this talk see http://acmbc.soi.city.ac.uk/

Open-source and free software advocates argue that their code is more secure, because vulnerabilities are easier to find and fix. Microsoft argues that this just makes things easier for the attackers; their latest anti-trust settlement makes them share the design of interfaces and protocols - except where security is involved. This debate goes back to the nineteenth century, when people argued about whether it was proper to write books about things like locksmithing and cipher systems. And the excuse `I can't tell you because of security' is not restricted to the software industry.

In this talk I will present a surprising new result. I will show that, under the standard assumptions used by the reliability modelling community, the open and closed approaches are equivalent. Opening a system to public inspection helps attack and defence equally.

This means that a practical decision on whether to keep the design of a system secret, or to open it to public inspection, will depend on the extent to which it departs from standard assumptions about the statistics of bugs, and on implementation issues such as the rate at which bug fixes are produced and applied.

The audience is likely to reflect a wide range of relevant interests and will not need to understand advanced mathematics.

For a related paper see http://www.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf

Ross Anderson (http://www.cl.cam.ac.uk/users/rja14) is Reader in Security Engineering and leader of the security group in the University of Cambridge Computer Laboratory. His recent textbook, "Security Engineering - A Guide to Building Dependable Distributed Systems" (Wiley 2001) has received widespread acclaim.

Ross also chairs the Foundation for Information Policy Research and is a leading activist in defending public information rights in a wide range of areas, especially cryptography and copyright law. The Foundation recently had a key influence on amending the Export Bill to avoid importing the US ban on publishing cryptographic source code. Also of recent note is Ross' Palladium FAQ opposing the Intel/Microsoft plan to embed copyright policing in PC hardware.

Organised by the Centre for Software Reliability at City University, ACM British Chapter, LONIX (London Linux User Group), BCS Networks Specialist Group, IEEE Computer Chapter (UK and Republic of Ireland).

Local organiser: David Dodson, dcd@xxxxxxxxxxxxxx, tel 020-7040-8445.