Abstract:
Summary form only given. With the introduction of DEP and ASLR, the degree of difficulty in finding network-accessible zero-day attacks has increased dramatically. Linux versions 2.6 and higher are significantly more robust to attack than 2.4 was, and Windows 7 is comparably more robust than XP was. That said, we continue to see computer systems being widely compromised. The reasons for this are many, but this talk will focus on the user as the critical vulnerability and on the complexity and opacity of computer systems as contributing factors. I will discuss economic drivers for security (and lack thereof), point out some foibles in current enterprise, Internet and handheld device architectures, and present some problems that should be amenable to analysis. Finally, I will propose some research directions that facilitate including the human as a critical element of the system architecture.
Keywords:
Internet; Linux; computational complexity; economics; security of data; ASLR; DEP; Linux versions 2.6; computer systems complexity; computer systems critical vulnerability; computer systems opacity; economic drivers; handheld device architectures; network-accessible zero-day attacks; people-oriented cyber security; Abstracts; Computer architecture; Computer science; Computer security; Computers; Robustness; USA Councils