Why (Managing) IT Security is Hard and Some Ideas for Making It Easier
Creators
Description
The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are (a) very expensive and error-prone to build, deploy, and integrate, (b) complex and error-prone to operate and administer, and still (c) far from being adequate to the real-life problems. I discuss recent developments at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia. We have been investigating improvements in the way security mechanisms for distributed IT systems are engineered and managed. I will specifically talk about - an ongoing study of how IT security is managed in today organizations, and what makes it challenging, - improving availability of authorization subsystems in large-scale enterprise applications, and - protecting web applications from SQL injection attacks without analyzing or modifying application source code. The talk will is a high-level overview of various LERSSE research projects rather than a detailed discussion of any particular project.
Files
158.pdf
Files
(4.4 MB)
Name | Size | Download all |
---|---|---|
md5:1d2f58bcdf1e4e4084da5338c9edbdc7
|
4.4 MB | Preview Download |