
Published July 6, 2008 | Version v1
Presentation Open

Why (Managing) IT Security is Hard and Some Ideas for Making It Easier

Description

The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are (a) very expensive and error-prone to build, deploy, and integrate, (b) complex and error-prone to operate and administer, and still (c) far from being adequate to the real-life problems. I discuss recent developments at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia. We have been investigating improvements in the way security mechanisms for distributed IT systems are engineered and managed. I will specifically talk about

- an ongoing study of how IT security is managed in today's organizations, and what makes it challenging,
- improving availability of authorization subsystems in large-scale enterprise applications, and
- protecting web applications from SQL injection attacks without analyzing or modifying application source code.

The talk is a high-level overview of various LERSSE research projects rather than a detailed discussion of any particular project.

Files

158.pdf (4.4 MB, md5:1d2f58bcdf1e4e4084da5338c9edbdc7)