Keynote: Why We are Not Building a Defendable Internet

28,882 views

Black Hat

By Thomas Dullien / Halvar Flake
In IT security, offensive problems are technical - but most defensive problems are political and organisational. Attackers have the luxury to focus only on the technical aspects of their work, while defenders have to navigate complex political and regulatory environments. In a previous talk ("Rearchitecting a defendable internet") I discussed what technical measures would yield defendable devices - and intentionally omitted the political and economics side. This talk, on the other hand, will explore the economics and incentive structures in IT security: Who is incentivized by whom to do what - and how these incentives fail to produce the security level we desire.
The talk will look at different players in IT security: CISOs, security product vendors, computer manufacturers, cyber insurances - and examine their economic incentive structures, their interplay, and reasons for failure. The talk will also discuss an alternate reality where things work smoothly, and examine the differences to our current reality.

Comments: 19
@yorickhunt3371 5 years ago
12:40 the best description ever given of Norton Anti-Virus. 26:03 ... and the best description ever given of Microsoft Windows.
@samdeur 7 years ago
Good Keynote my compliments.
@davejoseph5615 6 years ago
Certainly hardware solutions would work great for personal devices that are rebooted on a casual and frequent basis.
@TimLF 7 years ago
That is a really nice overview and I almost fully agree; Apple designs its own SOC, I think Google/Samsung/MS could as well if they cared but it's just not a checkbox for them.
@35571113 7 years ago
Is the "previous talk" mentioned in the beginning online?
@Imtotallydiggingthis 6 years ago
Anton Molyboha did you find it?
@CharlesVanNoland 6 years ago
Wow, some really interesting ideas right off the bat. Hardware hash/integrity check, a public ledger of software developers (blockchain based, I would imagine, using code-signing certificates). Some great stuff here. Keep in mind, however, that sometimes the biggest threat to the internet is centralization: entities with massive server farm resources that the majority of netizens rely on for information and its flow. Centralization leads to censorship and deterioration of privacy, period. That's not even bringing the vulnerability of huge central stores of everybody's information into question, which is a whole other, but related, issue. #decentralize
@sanderd17 6 years ago
How would you stop the bad guys, and still allow genuine programmers, or even students, to write software? If everyone can register any program, there's no actual check. If programs get checked, this will cost money which will certainly harm education. And people will find ways around it, like jailbroken iPhones.
@Stopinvadingmyhardware 2 years ago
Correct, you're building a profitable Internet. Why would a Cybersecurity, CompSci or OS guy want a network that requires little maintenance? That's the absence of job security.
@HowToDealWithLinux 7 years ago
the last answer made me laugh
@MidnightCoup 7 years ago
Oh come on, factory reset an enterprise data centre? Would be more damaging than the infection. This is on vendors, not IT support. Make your shit secure via a working group baselines or audit.
@TimLF 7 years ago
I believe he is referring to resetting registers, signed drivers, and executables not data... can't find his first talk "building a defensible internet" to verify though.
@TK3C 6 years ago
Um.
@samiraperi467 4 years ago
Funny watching this in 2020 wrt CPU mfrs.
@Mutation666 7 years ago
Is this guy unaware of Epyc, Intel is on its way out
@TimLF 7 years ago
AMD is just as bad, ARM is a bit better but still not anything close to securely manageable by the time it gets in an SOC.
@slomnim 7 years ago
and then there was ethereum