Why Johnny doesn’t write secure software?

  • Awais Rashid, University of Bristol
  • Tuesday 07 December 2021, 15:00-16:00
  • Webinar.

If you have a question about this talk, please contact Jack Hughes.

Software is in the very fabric of the systems we utilise in our daily lives – from online banking to social media through to critical infrastructures that bring water and electricity to our homes and drive systems such as transportation, health and governmental services. Yet vulnerabilities in software continue to be a recurring issue despite major advances in libraries, APIs and tools to help developers write secure software and test the security of their software systems. Almost 20 years ago, Alma Whitten and Doug Tygar wrote about the usability challenges faced by an archetypal user (Johnny) when utilising cryptography to secure communications. Developers face similar challenges when utilising the security libraries, APIs and tools at their disposal. In this talk, I will discuss insights from over 5 years of research on these struggles and their potential impact on the security of the resultant software. I will conclude by discussing ongoing work on exploring developers’ understanding of hardware security advances such as CHERI and how these may shape the way they develop software on future secure hardware architectures.

Bio: https://research-information.bris.ac.uk/en/persons/awais-rashid

This talk is part of the Computer Laboratory Security Seminar series.
