Security Made, Not Perfect, But Automatic

  • Conference paper
Security Protocols XVIII (Security Protocols 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7061)

Abstract

Threats to computer systems have been increasing over the past few years. Given the dependence of society and businesses on computers, we have been spending more every day to make computer systems and networks secure enough. Yet current practice and technology are based on intrusion prevention and incorporate a lot of ad hoc procedures and manpower, without being anywhere near perfect for systems of reasonable scale. Maybe the next quantum leap in computer systems security is to make it automatic, so that it can be cheap and effective. The first possibility that comes to mind is to build systems out of tamper-proof components, also called fully trustworthy: perfect components → perfect security, all else being correct. Though this lay at the basis of the trusted computing base work in the eighties, it is known today that it is impossible in practice to implement reasonably complex systems whose components are vulnerability-free. This implies that systems in general cannot be made perfectly secure under the prevention paradigm. One interesting approach relies on providing some isolation between virtual machines residing on the same hardware machine, which can then act as if they were separate computers (see Figure 1).

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Verissimo, P. (2014). Security Made, Not Perfect, But Automatic. In: Christianson, B., Malcolm, J. (eds) Security Protocols XVIII. Security Protocols 2010. Lecture Notes in Computer Science, vol 7061. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45921-8_32

  • DOI: https://doi.org/10.1007/978-3-662-45921-8_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45920-1

  • Online ISBN: 978-3-662-45921-8

  • eBook Packages: Computer Science, Computer Science (R0)