Software Complexitysmb%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0/tal… · Why Technologists Oppose Golden Keys...

Post on 22-Mar-2020

42 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of Software Complexitysmb%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0/tal… · Why Technologists Oppose Golden Keys...

SoftwareComplexityStevenM.Bellovin

https://www.cs.columbia.edu/~smb

1

https://www.cs.columbia.edu/~smb
https://www.cs.columbia.edu/~smb
https://creativecommons.org/licenses/by-nc/3.0/deed.en_US
https://creativecommons.org/licenses/by-nc/3.0/deed.en_US
https://creativecommons.org/licenses/by-nc/3.0/deed.en_US
https://creativecommons.org/licenses/by-nc/3.0/deed.en_US
https://creativecommons.org/licenses/by-nc/3.0/deed.en_US
https://creativecommons.org/licenses/by-nc/3.0/deed.en_US
https://creativecommons.org/licenses/by-nc/3.0/deed.en_US

WhatHappened?

• Whyisatrainarrivingin-2minutes?• Isthe10:26runningaheadofthe9:38?• (We’llignorethefactthatthey’rebothquitelate.)

2

ATrainStatusDisplay

3

AndinWashington…

4

Optimism

“Theprogrammer,likethepoet,worksonlyslightlyremovedfrompurethought-stuff.Hebuildshiscastlesintheair,fromair,creatingbyexertionoftheimagination.Fewmediaofcreationaresoflexible,soeasytopolishandrework,soreadilycapableofrealizinggrandconceptualstructures.”

FredBrooks,TheMythicalMan-Month

5

RealityCheck

“[O]nemustperformperfectly.Thecomputerresemblesthemagicoflegendinthisrespect,too.Ifonecharacter,onepause,oftheincantationisnotstrictlyinproperform,themagicdoesn’twork.Humanbeingsarenotaccustomedtobeingperfect,andfewareasofhumanactivitydemandit.”

FredBrooks,TheMythicalMan-Month

6

RealSoftware

• Softwareisbuggy• Softwareisalwaysbuggy• Thebiggertheprogram,thebuggierthesoftware—always

7

Why?Interactions

8

ComplexityKills…

Withncomponents,thereareroughlyn2interactions

9

So?

• Therearelimitstohowgoodoursoftwarecanbe• Therearethereforethingswecan’tdo• Moreprecisely,whenweincreasecomplexitywe

a) Increasethebugratedramaticallyb) Increasethedevelopmentcostdramaticallyc) Both!

10

ComplexityandCurrentEvents

• Webankonline• Webuythingsonline• Wecommunicateonline• Whycan’twevoteonline?

11

ProbablyJustaBug

(PhotobyEdFelten) 12

Avotingmachinetapefromthe2008presidentialprimaryinaNewJerseyprecinct.

EntertheAdversary

13NYTimes

GoingDark

“Asaresult,althoughthegovernmentmayobtainacourtorderauthorizingthecollectionofcertaincommunications,itoftenservesthatorderonaproviderwhodoesnothaveanobligationunderCALEAtobepreparedtoexecuteit.”

ValerieCaproni,GeneralCounseloftheFBI

14

TheFBI’sSolution

• Allcommunicationsystemsneedsomeformofaccessforlawenforcement• Allencryptionsystemsneeda“backdoor”(whichtheycalla“goldenkey”)• Canwedoit?

15

WiretapInterfacesareHard

• Someyearsago,theNSAevaluatedthestandardizedwiretapinterfaceon26differentphoneswitches• Allhadsecurityflaws

• Someone(probablyanintelligenceagency)hackedacellphoneswitchinAthensandabusedthewiretapinterface• About100phoneswereillegallytapped,includingthePrimeMinister’s

16

CryptographyisHard

“Finally,protocolssuchasthosedevelopedherearepronetoextremelysubtleerrorsthatareunlikelytobedetectedinnormaloperation.”

RogerNeedhamandMichaelSchroeder,“UsingEncryptionforAuthenticationinLargeNetworksofComputers”

17

From“KeysUnderDoormats”

“Wehavefoundthatthedamagethatcouldbecausedbylawenforcementexceptionalaccessrequirementswouldbeevengreatertodaythanitwouldhavebeen20yearsago.Inthewakeofthegrowingeconomicandsocialcostofthefundamentalinsecurityoftoday’sInternetenvironment,anyproposalsthatalterthesecuritydynamicsonlineshouldbeapproachedwithcaution...Thecomplexityoftoday’sInternetenvironment,withmillionsofappsandgloballyconnectedservices,meansthatnewlawenforcementrequirementsarelikelytointroduceunanticipated,hardtodetectsecurityflaws.”

Abelsonetal.

18

WhyTechnologistsOpposeGoldenKeys

• IthasnothingtodowithdislikeoftheFBIortheNSA• Technologistscanbevictimsofcriminalsandterrorists,too• Rather,it’saquestionofcrimeprevention—thesoftwarenecessarytopermitlawenforcementaccesshasahighprobabilityofopeningupnewsecurityholes• Therootcauseisthecomplexityofsoftware

19

TheInternetofThings

• We’reconnectingmoreandmore“things”totheInternet• Theserunonsoftware;thissoftwareisoftenpoorlywrittenandneverpatched

20

Self-DrivingCars

• Almostcertainly,wewillseesomecrashesduetobuggycode• Possibly(thoughnotcertainly),therewillbecrashesduetohacking

• Eventoday’s“dumb”carscontain50-75networkedcomputers• Amoderncarisactuallyamobiledatacenter!

• But—self-drivingcars,flawsandall,willalmostcertainlybesaferthanhuman-drivencars• Carsdon’tgetdrunk,sleepy,distracted,etc.

21

UsersDon’tSeeMostoftheComplexity

• Goodsoftwareoftenhideshowcomplexitis• But—thecomplexityisstillthere• Often,it’sthepartsyoudon’tknowaboutthatcancausethemosttrouble

22

SoWhatDoWeDo?

• Giveup?

23

SoWhatDoWeDo?

• Giveup?• No;thatsacrificesthebenefitsofcomputers.Therearereasons(andgenerallygoodones)whywerelyonsoftware

24

SoWhatDoWeDo?

• Giveup?• No;thatsacrificesthebenefitsofcomputers.Therearereasons(andgenerallygoodones)whywerelyonsoftware• Often,somesmallrateoffailureisquiteacceptable—nothingelseisperfect,either

25

SoWhatDoWeDo?

• Giveup?• No;thatsacrificesthebenefitsofcomputers.Therearereasons(andgenerallygoodones)whywerelyonsoftware• Often,somesmallrateoffailureisquiteacceptable—nothingelseisperfect,either• Thetrickisknowinghowtodecide.Wewantmajorbenefits,comparativelylowrisks,andacceptableconsequencesifthereisafailure

26

“Thecompetentprogrammerisfullyawareofthestrictlylimitedsizeofhisownskull;thereforeheapproachestheprogrammingtaskinfullhumility…”

EdsgerDijkstra,“TheHumbleProgrammer”

27

SomeSuggestions

Good

• Self-drivingcars• Communicationsapps

• Thesmartgrid?

Bad

• (Residential)lightbulbs• Bikelocks• Anti-missilesystems• Votingmachines

• Networkedsextoys?

28

Questions?

29

Top related

Cancionero Tuna Filosof%80%a0%a0%Eda y Letras m%80%a0%a0%e1laga
 Documents
Identity, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0/tal… · Reputation should adhere to the real identity A bad guy should not be able to discard a bad reputation by
 Documents
Secure System Design: E-Commerce Web Sitesmb%C2%A0%C2%A0%C2%A0... · Even if they don’t, compromise of a user’s e-commerce password could permit orders billed to that person’s
 Documents
Google versus Chinasmb%c2%a0%c2%a0%c2%a0%c2%… · including from Chinese companies like Huawei. ... • Some of the attacks were directed at dissidents and activists ... they could
 Documents
Contemporary Moral Problemsitethic.pbworks.com/f/Contemporary%C2%A0Moral%C2%A0...Page | 2 Table of Contents Egoism and Moral Scepticism .……….. 3 - 5 Religion, Morality, and Conscience
 Documents
Introduction to Cryptography, Part IIsmb%c2%a0%c2%a0%c2%a0%c2%… · Homomorphic Vs. Non-malleable •Homomorphic encryption ... •How many people need to be in a room for the probability
 Documents
New Public Management Is Dead—Long Live Digital-Era …jerrybrito.pbworks.com/f/Digital%C2%A0Era%C2%A0... · Helen Margetts Oxford Internet ... Simon Bastow Jane Tinkler London
 Documents
ControlCenter2smb%c2%a0%c2%a0%c2%a0...MC3764 CAP (Section 4.2). The CAP will provide the same multiple code population and limited-try fea- tures as the MCCS, but the W82 will not
 Documents
Viruses, Trojan Horses, and Wormssmb%c2%a0%c2%a0%c2%a0%c2%a0… · Worms in Science Fiction “Let me put it another way. You have a computer with an auto-dial phone link. You put
 Documents
Frank Miller’s Codebooksmb%c2%a0%c2%a0%c2%a0%c2%a0… · Lots of Google and Google books searches; ... memory of it in 1912 when he formulated his maxim? Does the evidence exist
 Documents
Authentication - cs.columbia.edusmb%c2%a0%c2%a0%c2%a0%c2%a0… · password as the key + This is where the 8-character limit comes from Any decent cryptosystem can resist finding
 Documents
Employment and Computers - cs.columbia.edusmb%c2%a0%c2%a0%c2%a0... · Alcatel “merged” with Lucent; Nokia is buying the new ... remained a monopoly—and didn’t drop in price
 Documents
Doing History in the Internet Agesmb%c2%a0%c2%a0%c2%a0... · the Freemasons (1829), the Templars (1867), and the Ku Klux Klan (1872) Neither of these two meanings is listed in the
 Documents
STAINES AP-PLANS PHDD C2-A0 HVAC MECH
 Documents
The Cybersecurity Challengesmb%c2%a0%c2%a0%c2%a0%c2%a0...The Problem “Our first observation is that we are hard pressed to say that cyberspace is more secure than it was 35 years
 Documents
Web Server-Side Securitysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Most interesting web sites use server-side scripts: CGI, ASP, PHP, server-side include, etc. Each such script is a separate
 Documents
Block Diagram Pin Description (Top-side view)C1+ C1-B2+ B2-C2+ C2-B3+ B3-C3+ C3-V DD A0+ A0-D0+ D0-A1+ A1-D1+ D1-A2+ A2-D2+ D2-A3+ A3-D3+ D3-SEL1 SEL2 PI3PCIE3413A 3.3V, PCI Express®
 Documents
Protecting the Clientsmb%c2%a0%c2%a0%c2%a0... · If someone using the application connects to your server—or if you can trick someone into connecting to your server via a watering
 Documents
Voluntary Disclosuressmb%c2%a0%c2%a0%c2%a0%c2%a0...update letting friends know that his unit was preparing to go to a West Bank village near Ramallah: On Wednesday we clean up Qatanah,
 Documents
Security: The Human Elementsmb%c2%a0%c2%a0%c2%a0%c2%a0… · The Human Element “Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable
 Documents

Copyright © 2022 FDOCUMENTS