The Future of Computer Security

A look at the Grand Challenges ahead for computer security

Certainly, the second challenge seems more doable than the first. Various pieces of the puzzle have been discussed at length: Perhaps all we need to do is assemble these tools together in a complete whole. Some researchers argue, for example, that every electronic voting machine should have an internal little printer and a roll of paper just to prevent the computer system from accidentally zeroing out votes for one candidate and assigning them to another.

But a competing proposal would have a second computer recording the votes with a digital camera. Indeed, this might not be a Grand Challenge at all if it weren't so terribly important and if we hadn't, as a society, done such a bad job with our voting system attempts to date.Measuring RiskThe third Grand Challenge doesn't seem all that difficultthat is, until you try to do it. It calls for developing quantitative measurements of risk in information systems. But then, consider this riddle: What's the percentage chance that a programming flaw will be discovered in Windows within the next 30 days that will allow an attacker to get administrative privileges on your system? And do the Linux and OpenBSD operating systems have a higher or lower chance of a similar flaw being discovered? Many CEOs would like answers to such questions. But with computer systems today, there is no reliable way to measure risk.

If we could reliably measure the risk associated with a particular piece of software, we could then give an estimate of how much it would cost to decrease the riskor, alternatively, how much we could save by accepting it. Banks have been making these kinds of risk-benefit decisions for decades in the realm of physical security. Infosecurity professionals, on the other hand, have all but given up trying to rate the risk of different systems. Instead, the practitioners have developed sets of best practices that they hope will decrease the chances of a computer being compromised.

Alas, there are many problems with "best practices." The most obvious is that they really don't tell you how secure you happen to be at the moment. Instead, they simply tell you that you are as secure as everybody else who is following the same practices. Likewise, best practices give no metric for making purchasing decisions. That's why reviews comparing antivirus systems or firewalls tend to stress other factors, such as how much the systems cost, how fast they run and how easy they are to manage. Today, we just don't have good tools for measuring and quantifying the actual differences between various security applications and appliances. Control FreaksOur final challenge is to make security easier to usespecifically, to give end users control over their own computers. That is especially important as we move into a world in which each person will have many different computers, all with different capabilities, architectures and security models.