Keynote: Why We are Not Building a Defendable Internet

  • Published on 20 Sep 2024
  • By Thomas Dullien / Halvar Flake
    In IT security, offensive problems are technical - but most defensive problems are political and organisational. Attackers have the luxury to focus only on the technical aspects of their work, while defenders have to navigate complex political and regulatory environments. In a previous talk ("Rearchitecting a defendable internet") I discussed what technical measures would yield defendable devices - and intentionally omitted the political and economics side. This talk, on the other hand, will explore the economics and incentive structures in IT security: Who is incentivized by who to do what - and how these incentives fail to produce the security level we desire.
    The talk will look at different players in IT security: CISOs, security product vendors, computer manufacturers, cyber insurances - and examine their economic incentive structures, their interplay, and reasons for failure. The talk will also discuss an alternate reality where things work smoothly, and examine the differences to our current reality.

Comments • 19

  • @yorickhunt3371 6 years ago +2

    12:40 the best description ever given of Norton Anti-Virus.
    26:03 ... and the best description ever given of Microsoft Windows.

  • @samdeur 7 years ago +4

    Good Keynote my compliments.

  • @davejoseph5615 7 years ago +1

    Certainly hardware solutions would work great for personal devices that are rebooted on a casual and frequent basis.

  • @35571113 7 years ago +4

    Is the "previous talk" mentioned in the beginning online?

  • @TimLF 7 years ago

    That is a really nice overview and I almost fully agree; Apple designs its own SOC, I think Google/Samsung/MS could as well if they cared but it's just not a checkbox for them.

  • @CharlesVanNoland 6 years ago +1

    Wow, some really interesting ideas right off the bat. Hardware hash/integrity check, a public ledger of software developers (blockchain based, I would imagine, using code-signing certificates). Some great stuff here. Keep in mind, however, that sometimes the biggest threat to the internet is centralization: entities with massive server farm resources that the majority of netizens rely on for information and its flow. Centralization leads to censorship and deterioration of privacy, period. That's not even bringing the vulnerability of huge central stores of everybody's information into question, which is a whole other, but related, issue. #decentralize

    • @sanderd17 6 years ago +1

      How would you stop the bad guys, and still allow genuine programmers, or even students, to write software? If everyone can register any program, there's no actual check. If programs get checked, this will cost money which will certainly harm education. And people will find ways around it, like jailbroken iPhones.

  • @Stopinvadingmyhardware 2 years ago

    Correct, you're building a profitable Internet.
    Why would a Cybersecurity, CompSci or OS guy want a network that requires little maintenance? That's the absence of job security.

  • @HowToDealWithLinux 7 years ago +3

    the last answer made me laugh

  • @MidnightCoup 7 years ago +2

    Oh come on, factory reset an enterprise data centre? Would be more damaging than the infection. This is on vendors, not IT support. Make your shit secure via a working group baselines or audit.

    • @TimLF 7 years ago +2

      I believe he is referring to resetting registers, signed drivers, and executables not data... can't find his first talk "building a defensible internet" to verify though.

  • @TK3C 6 years ago

    Um.

  • @samiraperi467 4 years ago

    Funny watching this in 2020 wrt CPU mfrs.

  • @Mutation666 7 years ago +1

    Is this guy unaware of Epyc, Intel is on its way out

    • @TimLF 7 years ago

      AMD is just as bad, ARM is a bit better but still not anything close to securely manageable by the time it gets in an SOC.

  • @slomnim 7 years ago

    and then there was ethereum