Security researcher Dan Kaminsky believes rethinking the basic rules of computer science can dramatically improve computer security, and argues that "there's not enough science [being done]."
Kaminsky says keeping code and data separate is the key. "We need to respect developers and give them the tools that they need," he says. "We know we have security issues with timing. They're the vast majority of vulnerabilities ever written and discovered. We haven't actually fixed them."
Kaminsky notes that the hypothesis of language-theoretic security is that security flaws stem from the languages code is written in, and he cites three challenges: the inability to authenticate, the inability to write secure code, and the inability to expose malefactors. As an example, Kaminsky mentions the use of the computer's clocks as a method for preventing a network attack strategy that exploits random number generation. Through the creation of underlying technologies, he aims to boost the volume of data available to expedite vulnerability discovery.
"We are operating in a vacuum of information," Kaminsky says. "There are things we are afraid of in security and censorship. Why don't we find out what is happening?"
From BYTE
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA