I decided to take the challenge of the organisers, the perfection of security, turn it around, and propose: if not perfect why not automatic? So we might ask if preventative security, meaning the canonical way of security, the only way to get it? Let me share a few thoughts about that. If we think that there is no trustworthiness, meaning a holistic perfection about what secure systems are, that behind our nice algorithms there’s machinery, so there’s no secure application without regard to the platform, or there is no effective policy in isolation of enforcing machinery, or that there is no information security in the absence of infrastructure security, then we might think, do we need at least some auxiliary paradigms to build secure systems. I’m going to talk about stuff that can be used in anything, servers, etc, but using it on the client side, maybe then there is no future in expensive security. Maybe we need, at least on the client side, to bring security to be sort of a commodity, something that is adaptive to the context where you’re working on, and several people talked about that yesterday. And it should be automatic, getting out of our way.
Weitere Kapitel dieses Buchs durch Wischen aufrufen
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten
Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:
- Security Made, Not Perfect, But Automatic (Transcript of Discussion)
- Springer Berlin Heidelberg
Neuer Inhalt/© ITandMEDIA