Software Security - PowerPoint PPT Presentation

About This Presentation
Title:

Software Security


Slides: 16
Provided by: daw

Transcript and Presenter's Notes



1
Software Security
  • David Wagner, University of California at Berkeley

2
Critical infrastructure is dependent on computer
security
3
(No Transcript)
4
(No Transcript)
5
Internet security incidents reported to CERT
Security break-ins are all too prevalent
6
Software vulnerabilities reported to CERT
Typical cause: Security defects in our software
7
Talk Outline
  • Why is our software so buggy?
  • What can we do about software security?

8
(No Transcript)
9
  • What makes simple mechanical systems predictable?
  • Linearity (or, piecewise linearity)
  • Continuity (or, piecewise continuity)
  • Small, low-dimensional statespaces
  • Systems with these properties are (1) easier to
    analyze, and (2) easier to test.

10
  • Computers enable highly complex systems
  • And today's software is taking advantage of this
  • Highly non-linear behavior; large, high-dim.
    state spaces

11
Problem Summary
  • Complexity breeds bugs and unpredictable behavior
  • Bugs and unpredictability are the bane of security

12
Mitigating the Risks
  • How can we improve software security?
  • Correctness by construction (e.g., K.I.S.S.,
    defensive coding, least privilege)
  • Automated analysis of software, new models of
    software behavior
  • Formal verification: proving programs free of
    defects

13
Mitigating the Risks
  • How can we improve software security?
  • Correctness by construction (e.g., K.I.S.S.)
  • Automated analysis of software
  • New models of software behavior
  • Formal verification: proving programs free of
    defects

14
Tools for Software Security
  • If secure programming is hard, let's build tools
    that make it easier to get security right
  • MOPS: scanning for bugs using software model
    checking
  • CQual: security-typed programming discipline
  • We're finding--and fixing--vulnerabilities in
    open-source applications (Linux kernel, sendmail,
    Apache, wu-ftpd, ...)

15
Conclusion
  • Computer security problems are endemic.
  • Our software is a weak spot. Network-layer
    defenses must make up for software inadequacies.
  • The problem will likely remain with us as long as
    users value features (complexity) over security
    (simplicity).

16
Questions?
And remember to look out for rakes