University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > Explorations of Science in Cyber Security

  Browse A-Z

Log in

Cambridge users (raven)details Other usersdetails No account?details

Information on

Subscribing to talksdetails Finding a talkdetails Adding a talkdetails Disseminating talksdetails Help and Documentationdetails

Explorations of Science in Cyber Security

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Wei Ming Khoo.

A scientific perspective on cyber security (a “science of cyber security”) is growing as a sound and respected area of research. In this talk we discuss how an empirical perspective enhances our understanding of how to create efficiently secure cyber infrastructure. In particular we discuss four questions that reflect “delusions” that we at the CERT Program see as endemic in the practice of cyber security.

  1. If code correctness is improving, why do exploits continue to rely on known avoidable programming mistakes?
  2. If policies are effective, why do unimplemented or ineffective policies continue to be an enabling element of major incidents?
  3. If monitoring provides useful situational awareness, why do so many significant intrusions remain undetected for weeks? months? years?
  4. If proficient response capabilities exist, why are even sophisticated victims challenged to quickly and effectively investigate, mitigate and recover?

We discuss our recent work in synthetic data generation and other work at CERT that strives to take sound scientific approaches to understanding and solving the challenges of creating and operation efficiently secure cyber infrastructure.

Some of the publicly available cyber security information and tools from the CERT Program include:

Secure Coding, http://www.cert.org/secureRcoding

Resiliency, http://www.cert.org/resilience

Cyber Training, http://www.cert.org/work/training.html

Insider Threats, http://www.cert.org/insider_threat

Forensics, http://www.cert.org/forensics

Network Monitoring, http://tools.netsa.cert.org

Fuzz Testing, http://www.cert.org/download/bff

Additional information is available at www.cert.org and in the 2010 CERT Research Report, www.cert.org/research/2010researchRreport.pdf.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

Other lists

Soft Matter Networks & Neuroscience Type the title of a new list here

Other talks

PTPmesh: Data Center Network Latency Measurements Using PTP Development of machine learning based approaches for identifying new drug targets TODAY Adrian Seminar - "Physiological and genetic heterogeneity in hearing loss" Dispersion for the wave and the Schrodinger equations outside strictly convex obstacles Auxin, glucosinolates, and drought tolerance: What's the connection? What is the History of the Book? Animal Migration 'The Japanese Mingei Movement and the art of Katazome' Cambridge-Lausanne Workshop 2018 - Day 2 Cambridge-Lausanne Workshop 2018 - Day 1 A rose by any other name Aspects of adaptive Galerkin FE for stochastic direct and inverse problems
 

© 2006-2024 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity