Team for Research in
Ubiquitous Secure Technology

Security is Broken
Rik Farrow

Citation
Rik Farrow. "Security is Broken". Talk or presentation, 31, August, 2007.

Abstract
Our computer security model is broken. Worse yet, it never really has worked ... all certainly desktops and laptops, but also most servers. The current security model was not designed to protect users from themselves, and this goes a long way towards understanding why security is so difficult. I end by looking at strategies for improving security -- but no real solutions. The point is to start thinking outside of the box, while adopting best practices today. What we have done in the past has not worked, and can not work. We need to look at the security model in a new way, and that is the real point of this presentation. Bio: "Rik Farrow provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984, and with TCP/IP networks since 1988. He has taught for NASA, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, CSI, USENIX, and for many US and European user groups. Farrow also consults with firms in the design and implementation of security applications, and works with organizations to create secure firewalls and Internet facing servers."

Electronic downloads

Citation formats  
  • HTML
    Rik Farrow. <a
    href="http://www.truststc.org/pubs/156.html"
    ><i>Security is Broken</i></a>, Talk or
    presentation,  31, August, 2007.
  • Plain text
    Rik Farrow. "Security is Broken". Talk or
    presentation,  31, August, 2007.
  • BibTeX
    @presentation{Farrow07_SecurityIsBroken,
        author = {Rik Farrow},
        title = {Security is Broken},
        day = {31},
        month = {August},
        year = {2007},
        abstract = { Our computer security model is broken. Worse yet,
                  it never really has worked ... all certainly
                  desktops and laptops, but also most servers. The
                  current security model was not designed to protect
                  users from themselves, and this goes a long way
                  towards understanding why security is so
                  difficult. I end by looking at strategies for
                  improving security -- but no real solutions. The
                  point is to start thinking outside of the box,
                  while adopting best practices today. What we have
                  done in the past has not worked, and can not work.
                  We need to look at the security model in a new
                  way, and that is the real point of this
                  presentation. Bio: "Rik Farrow provides UNIX and
                  Internet security consulting and training. He has
                  been working with UNIX system security since 1984,
                  and with TCP/IP networks since 1988. He has taught
                  for NASA, Department of Justice, NSA, US West,
                  Canadian RCMP, Swedish Navy, CSI, USENIX, and for
                  many US and European user groups. Farrow also
                  consults with firms in the design and
                  implementation of security applications, and works
                  with organizations to create secure firewalls and
                  Internet facing servers."},
        URL = {http://www.truststc.org/pubs/156.html}
    }
    

Posted by Christopher Brooks on 1 Feb 2007.
Groups: trustseminar
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.