People of ACM - David Basin

February 16, 2016

Many computing professionals contend that we are entering a new wave of technological innovation that has been coined the “Internet of Everything” or IOE. A main feature of the IOE is an advanced connectivity of devices, systems and services that could lead to more security breaches. What are some promising areas of research in information security that might maintain security while allowing for a far greater degree of connectivity?

Many conventional systems, from elevators to medical devices, now embody a considerable amount of IT and suffer from the same security problems that conventional software systems have. Moreover, in many cases, neither the engineers building these systems nor the end users are security experts. This raises numerous security engineering challenges such as constructing methods and tools to support building security into the system development process, building tools to analyze the security of the resulting systems, and developing ways to make system configuration and use easier and more secure for non-experts.

Another challenge for many IOE applications is bootstrapping security associations for secure communication. While I might benefit from my clothing talking to my washing machine, I might not want these exchanges to be public. To prevent this, one can leverage the physical properties of these systems, for example their physical location or their distance to other entities, as a basis for setting up cryptographic keys. But doing this securely, in the presence of an adversary, is nontrivial.

A long-term challenge for the Information Security field has been to develop systems that can resist attack. Are there recent advances that allow us to better integrate security considerations into the design, building and validation of secure systems to make them more resistant?

Absolutely! The state of the art has progressed both in developing cryptographic primitives and protocols in-the-small and secure systems in-the-large. Let me give an example of each of these. There have been enormous advances in model-checkers for cryptographic protocols that allow even non-experts to model protocols and either formally verify them or find flaws in their design. The Tamarin system, developed in my group, is one example of this. Tamarin takes as input a specification of a cryptographic protocol, a model of the adversary, a description of the cryptographic operators used, and the desired security properties.

Despite protocol correctness being undecidable in general, Tamarin is very effective at automatically finding either attacks on the specified protocol or, in many cases, generating a proof that the protocol has its specified properties when operating in the given adversarial environment. Such model-checking tools are now starting to positively impact cryptographic standards, for example the ISO/IEC 9798 standard for entity authentication and the upcoming TLS 1.3 standard.

In-the-large, a major challenge has been how to bridge the gap between security requirements and system implementations and bring security into the system design process. There have been substantial advances in model-driven system development that now provide effective methods and tools for doing this. Namely, one can construct system design models that also model security policies, such as access control policies. Tool support can then be used to generate systems automatically from these models, with complete, configured security infrastructures. The ActionGui tool, jointly developed by ETH Zurich and the IMDEA Software Institute, provides an example of this. I believe future systems will increasingly be built with such tools.
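The four inputs named above for Tamarin (protocol specification, adversary model, cryptographic operators, and desired security properties) map directly onto the parts of a Tamarin theory file. The following is an added illustration written for this page, not a model from Basin's group or from the Tamarin distribution; the protocol it models (a single public-key-encrypted session-key transport) and all names in it are assumptions made up for the example. The protocol is given as multiset rewriting rules, the adversary model is the built-in Dolev-Yao attacker extended with an explicit long-term-key reveal rule, the operators come from the asymmetric-encryption builtin, and the property is a secrecy lemma:

```tamarin
/* Added example theory for a toy key-transport protocol (not the page's or Tamarin's own code).
   Assumed protocol: A picks a fresh session key k and sends aenc(<A, k>, pk(B)) to B. */
theory ToyKeyTransport
begin

/* Cryptographic operators: provides aenc/2, adec/2, pk/1 and the equation
   adec(aenc(m, pk(sk)), sk) = m */
builtins: asymmetric-encryption

/* Public-key infrastructure: any identity $A may register a fresh long-term key;
   the public half is published to the network (and hence to the adversary). */
rule Register_pk:
  [ Fr(~ltk) ]
  -->
  [ !Ltk($A, ~ltk), !Pk($A, pk(~ltk)), Out(pk(~ltk)) ]

/* Adversary model: besides full control of the network (built in), the adversary
   may compromise a long-term key. The action LtkReveal records that it happened. */
rule Reveal_ltk:
  [ !Ltk(A, ltk) ]
  --[ LtkReveal(A) ]->
  [ Out(ltk) ]

/* Protocol, initiator side: generate a fresh session key and send it to $B
   encrypted under B's public key. */
rule Init_1:
  [ Fr(~k), !Pk($B, pkB) ]
  --[ SessionKey($A, $B, ~k) ]->
  [ Out(aenc(<$A, ~k>, pkB)) ]

/* Protocol, responder side: only a message encrypted under B's own public key
   matches this pattern, i.e. B decrypts with its long-term key. */
rule Resp_1:
  [ !Ltk($B, ltkB), In(aenc(<A, k>, pk(ltkB))) ]
  --[ Accept(A, $B, k) ]->
  [ ]

/* Security property: a session key sent to B stays unknown to the adversary
   (no K(k) fact) unless B's long-term key was revealed. */
lemma key_secrecy:
  "All A B k #i.
     SessionKey(A, B, k) @ i & not (Ex #r. LtkReveal(B) @ r)
     ==> not (Ex #j. K(k) @ j)"

end
```

Running Tamarin's prover on this file either produces a proof of `key_secrecy` or, if the lemma were false, a concrete counterexample trace; removing the `not (Ex #r. LtkReveal(B) @ r)` side condition turns the lemma false, and the trace Tamarin returns then shows the attacker revealing B's key and decrypting the transported session key. Real standards analyses, such as the TLS 1.3 work mentioned above, follow the same structure with many more rules and lemmas.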

As Information Security has become a multi-billion dollar industry, there has been a dramatic increase in people seeking degrees in the field, both first-time college students and non-traditional students seeking a career transition. Why is accreditation of Information Security programs important and what should potential students look for when enrolling at a college or university?

Given the booming demand for security professionals, it is not surprising that many associations offer courses and training. But Information Security is both broad and deep. As it cuts across many areas of computing, there is no shortcut for a solid education in computer science. I would recommend that potential students carefully check that the program they are considering is rooted within a department that offers a full-fledged, high-quality Computer Science education as well as a specialization in Information Security.

Information Security is still an emerging discipline and appears to be in flux. What other advice would you offer a younger colleague just starting out in the field?

An emerging discipline is an exciting discipline with abundant opportunities. The challenge of security is that one must design systems that work in adversarial environments where the adversary can be extremely cunning. It is therefore necessary to be well versed in the state of the art in software and system engineering, as design flaws and implementation errors can be security-relevant. But this is not enough: systems have huge attack surfaces that go beyond their standard interfaces. These include the hardware and software stacks they run on, the infrastructure and services they rely on, the tools, frameworks, and libraries used to build them, etc. One must therefore approach the problem with an open mind, a vivid imagination, and the willingness to go beyond the more well-charted territories of software and system engineering.


David Basin's research focuses on information security, in particular on foundations, methods and tools for modeling, building and validating secure and reliable systems. He is a full professor within the Department of Computer Science at ETH Zurich and holds the chair for Information Security within the Institute of Information Security. On October 1, Basin became the new Editor-in-Chief of ACM Transactions on Information and System Security (TISSEC). In addition to TISSEC, Basin is the Editor-in-Chief of Springer-Verlag's book series on Information Security and Cryptography, and the founding director of ZISC, the Zurich Information Security Center.