Interesting People mailing list archives
more on MS XP service pack will automatically download *and* install updates
From: Dave Farber <dave () farber net>
Date: Fri, 05 Mar 2004 05:52:18 -0700
Here are my two Grand Challenges on Security (auto update is #2)
Grand Challenge #1 Background After 9/11 and the subsequent reorganizations of the federal organizations that resulted in, for example, the DHS , there was required the "sharing" of intelligence information between sectors of the intelligence and law enforcement community at a scale that previously had never been contemplated. While this is considered necessary for national security, it raised a set of severe concerns dealing with the propagation of such information into large communities where proper safeguards of use and audit ability isdifficult to implement and to enforce. Simultaneously, there was raised by many citizens, a concern for their privacy as personal information of various levels of quality is to be widely distributed to organizations both with in the federal arena and state law enforcement. They are also concerned as to the tendency to use this information for other>originally gathered for -- for example the use of the airline security lists for catching dead beat fathers etc with and without the consent of the citizens. Finally there is concern that the data transferred between organizations may disclose sensitive information about the sources of the information and the methods used to gather it. However those pieces of information are critical to the metric of the believability and usability of the information. How to transmit a metric of the originators belief to a client organization is critical. Such approaches are not obvious. Grand Challenge #2 As the latest virus and worm attack has shown, many computer users, both home and industrial, fail to keep their systems properly upgraded with the software fixes that are targeted to stop such vulnerabilities.. While the Windows systems is the "popular" target for such attacks and failures, other systems can and will suffer the same fate. It has been proposed that the software vendors be able to automatically access their customer systems to make sure that they are up-to-date. This raises a set of very difficult problems that range from the potential of a massive worldwide computer failure if a upgrade actually contains a problem that takes down a significant number of machines (as has happened in the past). Many of these machines may serve critical applications and thus cause serous national security problems. In addition there is the potential for hijacking of the upgrade mechanism that would make many internal data accessible to an attacker. How to provide reliable computing, given we are 'stuck" with the current software/hardware systems is vital and non trivial.
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on MS XP service pack will automatically download *and* install updates Dave Farber (Mar 05)