Abstract
Threats to computer systems have been increasing over the past few years. Given how much society and businesses depend on computers, we spend more every day to make computer systems and networks secure enough. Yet current practice and technology are based on intrusion prevention, and incorporate a lot of ad hoc procedures and manpower, without coming anywhere near perfection for systems of reasonable scale. Perhaps the next quantum leap in computer systems security is to make it automatic, so that it can be cheap and effective. The first possibility that comes to mind is to build systems out of tamper-proof components, also called fully trustworthy: perfect components → perfect security, all else being correct. Though this lay at the basis of the trusted computing base work in the eighties, it is known today that it is impossible in practice to implement reasonably complex systems whose components are vulnerability-free. This implies that systems in general cannot be made perfectly secure under the prevention paradigm. One interesting approach relies on providing some isolation between virtual machines residing on the same hardware machine, which can then act as if they were separate computers (see Figure 1).
© 2014 Springer-Verlag Berlin Heidelberg
Verissimo, P. (2014). Security Made, Not Perfect, But Automatic. In: Christianson, B., Malcolm, J. (eds) Security Protocols XVIII. Security Protocols 2010. Lecture Notes in Computer Science, vol 7061. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45921-8_32
DOI: https://doi.org/10.1007/978-3-662-45921-8_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45920-1
Online ISBN: 978-3-662-45921-8