DrDobbs Portal Blog: Designing for Security: A Mathematician's Perspective
EDITOR'S EYE

The World of Software Development.

by Jon Erickson
July 20, 2006

Designing for Security: A Mathematician's Perspective

Yesterday was Chicago and Dr. Dobb's Architecture & Design Conference. Granted, it is a four-day event (ending today) and I was only there one day. Still, it was interesting, and I don't just mean taking the L-train from Midway Airport to the McCormick Place Convention Center.

Lots of good sessions on Wednesday, ranging from "Aspects in Dynamic Languages" to "Patterns for Service-Oriented Architecture." However, the highlight for me was Hugh Thompson's keynote on "Securing Software Design and Architecture: Uncut and Uncensored." What I didn't realize was that, for a mathematician, Hugh is a funny guy.

I know Hugh primarily from the security-related articles he's written for Dr. Dobb's, including the likes of:

as well as his best-selling books such as The Software Vulnerability Guide (reviewed here), and How to Break Software Security.

In his Wednesday keynote, Hugh's focus was on the need to build security into applications. His point was that to do this, we have to start thinking like an abuser instead of a user. That we have to consider security requirements, not just functional ones. And that security doesn't start and stop with just a firewall.

What did "uncut and uncensored" have to do with his talk? Much of his presentation dealt with real-world security lapses ranging from his shutting down in-air video on a commercial airplane, to manipulating cookies for doing end-arounds on faulty e-commerce implementations. Real world--and real scary at times.


Posted by Jon Erickson at 09:35 AM




