[cap-talk] Any hope in RSA 2008?

Jed Donnelley capability at webstart.com
Sun Apr 6 02:50:59 CDT 2008


At 12:07 AM 4/5/2008, David Wagner wrote:
>John Carlson writes:
> >My comment would be: I don't know what research there is currently,
> >so I "complain" to figure out if someone already has an answer.
>
>Sounds perfectly reasonable to me.
>
>My objection is not to asking for pointers in this area; my objection is
>to anyone who dismisses the entire research area as hopeless without first
>taking the time to understand the work that's been done.  Folks like Shap
>and MarkM have steeped themselves in the literature enough that they're
>qualified to have an opinion.  On the other hand, if you have to ask where
>the best research in the field is published, then it's probably premature
>to dismiss essentially all computer security research as hopeless.
>
>This is not directed at you, John;

No, but it does seem to be directed at me, so I'll respond.

>this is general frustration and a
>plea that we all be careful to avoid dismissing entire research fields
>before we've taken the time to understand them.  If we're frustrated
>with folks who dismiss object capabilities before they have taken the
>time to understand them, then we ought to be extra-careful to avoid
>doing the same to other approaches to computer security.

The frustration that I expressed (Any hope in RSA 2008) was not
with computer security technology (research or otherwise) in general,
but in what I've been separating out as the "patching and bailing"
aspects of computer security work (research?).  As MarkM noted,
this work is helpful (without it we would all be sunk), but it
doesn't get at the fundamentals that I believe we are trying
to address with POLA and the capability paradigm.  My frustration
is that I'm trying to find long term hope, something fundamentally
different to change the computer security "game."  I agree with the
InfoWorld assessment (#1 tech flop) that the computer security
area isn't going well (30 years and still getting worse).  The
offense seems to be doing much better than the defense.  I hope
something can be found to fundamentally improve the game.  My
reading and writing on cap-talk is because I believe POLA and
capabilities have a chance to make such a fundamental improvement.

When MarkM says, "Even using object-capabilities well, we still
don't know how to achieve security reliably and with confidence."

Whew, ain't that the truth!  However, he also notes:

"Capabilities help the situation" (preventing successful attacks).

I believe this to be true.  However, POLA and capabilities generally
aren't considered a promising approach for improving the security/integrity
of computer systems.  I'm trying to figure out why not.  Is it because
to others the above statement (help the situation) appears to be
false?  Perhaps the cost is too high?  Perhaps there are other technologies
that seem more likely to "help the situation".  What technologies are
comparable in being considered to "help the situation"?

It's that comparison in terms of the foundations of computer security
that I'm trying to investigate.

What I was reaching out for (and that I think Pierre supplied with
the "Computer Security Foundations Symposium") were areas of computer
security research that were more, well, "foundational".  I don't
know if I'll actually find the sort of thing I'm looking for there
(e.g. alternatives to POLA to change the computer security game),
but it seems promising.  What I at least hope to discover is what
people who see themselves as pursuing such foundations think
about POLA and capabilities - these days.

>For those who want to see the leading work on computer security, you can
>start with conferences like Usenix Security, IEEE Security & Privacy,
>ACM CCS, and ISOC NDSS.  Not all papers in those conferences are great;
>but many of the best papers in computer security have appeared in those
>conferences.

I attended the 2007 Usenix Security conference.  There was nearly
nothing there along the lines that I'm looking for.  That's not to
say the papers were "bad".  It may be important and clever to be
able to identify a language from encrypted VoIP data (for example),
but to me that doesn't seem likely to help change the computer
security "game."  Papers on preventing click fraud or on spam
detection or strengthening passwords or really just about anything
at the Usenix Security conference or seemingly at RSA 2008 don't
seem to me likely to result in a game change.  Even something
like the trusted computing hardware that is controversial these
days, while it may be able to change the game of booting up to a
known (safe?) state, doesn't address the problem of making
complete system failures (hacked systems) less likely.

I just looked through titles and scanned some of the articles at:

http://www.computer.org/portal/site/security
IEEE Security & Privacy

That doesn't look to me like a rich source for my focus.

I also looked through the titles from the most recent ACM CCS conference:

http://portal.acm.org/toc.cfm?id=1315245
(where I can get at the papers through my work access)

and for the most recent NDSS 2008:

http://www.isoc.org/isoc/conferences/ndss/08/proceedings.shtml

I'm sure we all face the same situation of only being able
to read with understanding a very small fraction of the papers
that are published (let alone have been published) even in what
might seem a relatively narrow field like computer security.

David Wagner notes, "Many students spend months getting themselves
up to speed in areas of the literature that are of interest to them."
Of course one could spend a lifetime trying to get "up to speed" in
an area like computer security.  My hope is that by focusing on
a rather narrow area ('foundational' - comparable to POLA) I might
be able to get "up to speed" enough to at least make some legitimate
comparisons with current thinking in the field.  I don't expect to
become as 'steeped' in the literature as MarkM or Shap or you
David.  If my lack of steeping and my asking for pointers to the
areas of the field suggest that my opinions are "premature" - well,
I'm sorry, but that's the best I can do.  I'm generally pretty
easy to ignore.

So I keep reading, asking, probing, writing - for some years in
this recent cap-talk stint.  Suggestions for areas of focus are
welcome.

--Jed  http://www.webstart.com/jed-signature.html
