Invited Essayist Keynote: Software Security in the Real World

Chair: Stephen Schwab, USC Information Sciences Institute

Software Security in the Real World

Dr. Úlfar Erlingsson, Manager of Security Research, Google

Abstract: At this conference in the year 2000, in an invited essay and talk , Butler Lampson compared computer security to real-world security, and gave an excellent overview of its challenges and concepts. In the spirit of that comparison, this talk compares modern, real-world software to the software for which traditional security models, policies, mechanisms, and means of assurance were developed, before the end of the 1970's. Since that time, software has changed radically: it is thousands of times larger, comprises countless libraries, layers, and services, and is used for more purposes, in far more complex ways. As a consequence, it is necessary to revisit many of our core computer security concepts. For example, it is unclear how the Principle of Least Privilege can be applied to set security policy, when software is too complex for either its developers or its users to explain its intended behavior in detail.
    One possibility is to take an empirical, data-driven approach to modern software, and determine its exact, concrete behavior via comprehensive, online monitoring. Such an approach can be a practical, effective basis for security—as demonstrated by its success in spam and abuse fighting—but its use to constrain software behavior raises many questions. In particular, two questions seem critical. First, is it possible to learn the details of how software *is* behaving, without intruding on the privacy of its users?  Second, are those details a good foundation for deriving security policies that constrain how software *should* behave?  
    This talk outlines what a data-driven model for software security can look like, and describes how both of the above questions can be answered affirmatively. Specifically, the talk describes techniques for learning detailed software statistics while providing differential privacy for its users, and how deep learning can help discover users' expectations for intended software behavior, and thereby help set security policy. Finally, the talk gives some evidence that those techniques can be adopted in practice, even at very large scales, and that data-driven software security can offer benefits to billions of users.

Essay: https://arxiv.org/abs/1605.08797

Presentation

About the Speaker

Úlfar currently heads a security research team at Google. Previously, he has been a researcher at Microsoft Research, Silicon Valley, an Associate Professor at Reykjavik University, Iceland, and led security technology at two startups: GreenBorder and deCODE Genetics. He holds a PhD in computer science from Cornell University.