Richard Busby wrote:
>Date: Tuesday, 14 December 2004 10:00 AM PST
>
>Where: Oregon Zoo Conference Room
>
>Speaker - Crispin Cowan, Ph.D. CTO Immunix
>
>Topic - "Intrusion Protection"
>
>
Immunix will be bringing donuts to the meeting :)
Here is the abstract for the talk.
Intrusion Prevention and Application Security:
The Good, The Bad, and the Ugly
Crispin Cowan, PhD
CTO, Immunix Inc.
Richard Clarke said that "The reason why you have people breaking
into your software is because your software sucks." More than just
scathing criticism of the software industry, this comment highlights
the extreme difficulty of assuring that your applications do what
they are supposed to do, /and nothing else/. You can test for what
an application is supposed to do, but you cannot effectively test
for the surprising "something else" mis-features that attackers
exploit: they "tickle" your applications with "creative" inputs that
make software mis-behave, and as a result can break into your
systems. Effects like open source code review help Linux to be more
secure by being less likely to have unpleasant surprises, but this
does not eliminate the threat. To really secure applications, host
application security is required to nail down what each application
is permitted to do, to ensure that it is not doing any surprising
"something else"s. This talk will explain the theoretical
foundations that make proving "nothing else" impossible, and show
how host application security provides the only real alternative to
trust-worthy software. We then show how the LSM (Linux Security
Modules) feature (new in the Linux 2.6 kernel) enables unprecedented
precision in the control of application behavior on standard Linux
kernels.
Crispin
>No host lunch to follow
>
>See you there!
>
>
>
>
>
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
This archive was generated by hypermail 2.1.3 : Mon Dec 13 2004 - 11:59:30 PST