Difference between revisions of "Software security seminar"

From PublicWiki
(Floating readings: anderson papers)
(Floating readings: +r. anderson book)
Line 56: Line 56:
 
**Ross Anderson, Security in Open versus Closed Systems: The Dance of Boltzmann, Coase and Moore. [http://www.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf]
 
**Ross Anderson, Security in Open versus Closed Systems: The Dance of Boltzmann, Coase and Moore. [http://www.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf]
 
**Ross Anderson, Murphy's law, the fitness of evolving species, and the limits of software reliability.  [http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-471.pdf]
 
**Ross Anderson, Murphy's law, the fitness of evolving species, and the limits of software reliability.  [http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-471.pdf]
 +
**Chapters from his book? --- [http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems]
 
**More papers from Anderson et al. at [http://www.cl.cam.ac.uk/Research/Security/studies/st-rs.html the U. of Cambridge research group's site]
 
**More papers from Anderson et al. at [http://www.cl.cam.ac.uk/Research/Security/studies/st-rs.html the U. of Cambridge research group's site]
 
*Aspray, ''Chasing Moore's Law'', ch. 5
 
*Aspray, ''Chasing Moore's Law'', ch. 5
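Review bot: the new entry "Chapters from his book? --- Security Engineering ..." leaves the chapter selection open, unlike the surrounding items, which each point at one specific paper; before this list is matched to a seminar week, name the chapters to be read (or mark the entry as a placeholder) so readers are not left to guess the assignment.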

Revision as of 05:38, 3 December 2004

Notes for soctech seminar planning, Winter 2005

Making secure software: technical and legal solutions (and policy and business if we want to go there).

Schedule details

week-by-week breakdown

Week 1: tech intro: thinking about computer security

  • Presenter: Keunwoo
  • Topics:
    • What is this course about, and why are we here?
    • Basic security concepts (threat models, cost/safety tradeoffs)
    • Fundamental computing technology topics: operating systems, programming systems.
  • Pre-reading: none; Keunwoo will present slides.
  • Post-reading: Lessig, Code and Other Laws of Cyberspace, ch. 7

Week 2: tech intro: software quality and security

  • Presenter: Keunwoo?
  • Topics: what is software quality? how do people measure it? how does this apply to security?
  • Reading: Schneier, Secrets and Lies ch. 8-10?

Week 3: technical aspects of improving computer systems

  • Presenter: Keunwoo?
  • Topics: technologies that can improve computer systems: languages; analysis tools; testing; runtime systems/operating systems; ad hoc technical measures; software development methodologies
  • Reading:

Week 4: law intro: contracts & torts

  • Presenter: Ben

Week 5: law intro: economic legal philosophy

  • Presenter: Ben?

Week 6: vendor liability

  • Presenter: ?

Week 7: certification processes: products, processes, people

  • Presenter: ?

Week 8: market failures in economics of software, and legal approaches (tentative topic)

  • Presenter: ?

Week 9: criminal law approaches?

  • Presenter: ?

Week 10: public policy approaches

  • Presenter: ?
  • Readings: Lazowska lecture

Past courses to mine for useful content

Floating readings

These are readings that haven't been matched to a date yet.

Other notes

Technical discussion

We'd want to start off with a briefing/discussion on the technical issues, led by a computer scientist volunteer or one of us. This means talking about the trouble computer scientists have a) writing secure software and b) determining whether a piece of software is secure. Questions to be discussed and explained would be:

  • Why is writing secure software so hard? (software is complex, tiny vulnerabilities in seas of code millions of lines long)
  • Computer scientists can't tell for sure whether their software is secure for anything more than the tiniest programs. So what CAN we do to evaluate how secure a piece of software is? What proxies for security do we measure (SE practices, performance on static analysis tests, security features in the spec)? This is necessary to cover, I'd think, for any discussion of legal liability--i.e., how do we assign blame for bad software--well, we can see if the vendor did everything he could to try to verify his software was secure.

Legal discussion

Led by Ben/lawyer in the room:

  • What is tort?
  • Does it apply to software? Why not?
  • What about in the future, as Ben said, as more devices go online?

Other tactics for improving software

  • Policy solution: Should the gov't or other body license software engineers? Would that improve software quality?
  • Market solution: Would creating an independent lab to evaluate software security help the consumer overcome the problem of "I want to buy secure software but I have no idea how to tell what software products are secure"? If ratings by a lab would get the consumer to buy the relatively more secure stuff, this would incentivize companies to provide it.

Readings and speakers (if we want them) TBD

  • David Notkin might be convinced to explain problems with software security
  • possible literature from CyLab, CMU, law review articles (need to investigate)
  • Schneier, Secrets and Lies: Digital Security in a Networked World
  • chapter on security in Aspray, IT and Public Policy
  • any notes/video from Ed L's IT/public policy class

How many days worth of class is this? One for technical, one for legal, one for discussion? Perhaps on the 3rd day we could assign people to think about how they would improve software security given what they learned about law and tech.