Srini Devadas, MIT Computer Science and Artificial Intelligence Lab

Panel #1 Cybersecurity Outlook
• Panelists
– Janet Bishop-Levesque, RSA
– Bob Guay, BioGen
– Larry Wilson, UMass
– John Schramm, Manulife/Hancock
• Moderators
– Wayne Burleson, UMass
– Srini Devadas, MIT
MIT COMPUTER SCIENCE AND ARTIFICIAL INTELLIGENCE LABORATORY
10/20/2014
Cybersecurity and Threats
• Cybersecurity is a property of computer systems similar to performance and energy
• Attackers take a holistic view by attacking any component or interface of system
• Diverse threat models dictate different desirable security properties
– Viruses and worms: Bug-free programs
– Denial-of-Service attacks: Redundant resources
– Cyberphysical attacks: Tamper-resistant hardware
Cybersecurity: Mainstream View
• Computer systems are so complex that it is impossible to design them without vulnerabilities.
• Therefore, the best we can do is to:
– Focus on existing computing systems and their attacks to discover flaws
– Design mechanisms into these systems to protect against these attacks
– Manage risk and administer systems well
• Unfortunately, new flaws are always discovered…
• We need to do better than this “Patch & Pray, Perimeter Protection” mindset
Cybersecurity: A Holistic View
• Security property cannot be articulated well when isolated to a component or layer
→ need a systems-wide, architectural viewpoint
• New theoretical and practical foundations of secure computing that integrate security in the design process
→ security “by default”
→ Remove program error as a source of vulnerability
• Bring researchers from diverse disciplines and industry practitioners together to address a wide range of threat models
Three classes of benefits:
• Prevention: Increasing the difficulty of attacks
• Resilience: Allowing a system to remain functional despite attacks
• Regeneration: Allowing systems to recover more quickly from attacks to a fully functional state
Question #1
• Is it worth investing in attack prevention technologies?
Against: Techniques are never going to protect against all attacks and therefore detection, diagnosis and recovery techniques are a necessity and a better investment of resources.
For: Prevention is better than cure, especially when it comes to customer services.
Relates to Anna Nagurney’s keynote
Question #2
Will companies that wish to deploy secure systems incorporate a holistic design methodology, or is this too much to expect?
Relates to Dave Clark’s keynote
Question #3
With a recent spate of attacks on servers and breaks that affect large sets of clients, are we at a point where clients will have to take more responsibility for their security through the use, for instance, of multi-factor authentication and perhaps suffer more inconvenience?
Questions
1. Is it worth investing in attack prevention technologies?
2. Will companies that wish to deploy secure systems incorporate a holistic design methodology, or is this too much to expect?
3. With a recent spate of attacks on servers and breaks that affect large sets of clients, are we at a point where clients will have to take more responsibility for their security through the use, for instance, of multi-factor authentication and perhaps suffer more inconvenience?