[SecurityRatty] tag: feltens

My Princeton Experience and Optimism for Encryption

Tue, 26 Feb 2008 02:56:00 +0000

As we all know by now, Ed Felten and his research group at Princeton have announced yet another landmark result in the realm of data security. For systems ranging from Java VMs to digital rights management to electronic voting machines – and now to disk encryption – the research group has shown that foundations for a secure world remain elusive to the industry.

I enjoyed the opportunity to collaborate with Dr. Felten on the SDMI cracking effort while I was at Princeton. The recent paper on disk encryption vulnerabilities cites work based on part of my Ph.D. thesis (which explored next-generation security architectures) as a long-term solution. Indeed, for laptop encryption and trusted systems to truly realize their promise, hardware and software must be engineered with security at the core, not at the periphery.

The exposed flaws in many disk encryption solutions are yet another set of disquieting examples of how difficult it is to engineer security systems for our impatient and diverse world. Routinely, software developers – as opposed to trained security architects – are being asked to design cryptographic systems with complex design parameters and even more complex security implications. The various attacks described in Felten’s recent paper show that security designers must improve their modeling of human behavior (and physics) when poised in front of their whiteboards.

Security is hard, but it is attainable! I’m optimistic that security engineering methodology will advance over time. Fortunately, today, a few companies are embracing a truly proactive approach for modeling threats and designing security systems.

This week, BitArmor will be making some key technical announcements on the strength of BitArmor software against attacks described in the Felten paper and beyond. Keep your eyes on this space...

Show 009 - An Interview with Bruce Schneier

Thu, 14 Dec 2006 08:45:53 +0000

In the ninth episode of The Silver Bullet Podcast, Gary interviews Bruce Schneier. Bruce is the founder and CTO of Counterpane and is regarded as the “uber-guru” of computer security. He has written eight bestselling books, most recently Beyond Fear: Thinking Sensibly About Security in an Uncertain World and is the editor of the massively popular Cryptogram mailing list. In this episode, Gary and Bruce discuss the connection between physical security its technological component, the idea of risk management, the intersection of economics and security, and the ideas of “wholesale surveillance” and “security theater.” They also discuss patch Tuesday, hack Wednesday, and Microsoft’s approach to software security.

Bruce’s Wikipedia entry
Bruce’s books
Bruce’s recent restaurant reviews
Counterpane
Crypto-Gram security podcast
Property Rights Management - Ed Felten’s discussion of PRM, mentioned on the show
Copyright Mythbusters: Believe It or Not, Fair Use Exists - a look at the “fair use doesn’t exist” argument
BBC plans attacked for ‘TV tax’ (March 14, 2006)
Bruce’s suggestion for “cheap” wines: Loire wines, Provence Wines, Southern Rhone wines

Show 005 - An Interview with Ed Felten

Mon, 28 Aug 2006 14:05:36 +0000

The fifth edition of the Silver Bullet Security Podcast features Ed Felten, Professor of Computer Science and Public Affairs at Princeton University and the Director of the Center for Information Technology Policy. Gary and Ed take a look at Ed’s predictions for 2006 and how he’s faring so far and then discuss Ed’s relationship with his former adversaries. They also talk about how to discuss difficult technology issues with lawmakers and the importance of public policy and the law to computer scientists. Ed also outlines the challenges of raising a bright 11-year-old.