Making Security Scale
Seth Proctor, Sun Microsystems
As systems have become more complex and increasingly distributed, one of the great challenges has been maintaining security, providing privacy, and protecting users who often know little or nothing about the ways in which their systems and data are managed. In short, the security of our systems hasn't scaled along with the systems themselves. One question is why, given that we have very strong building blocks in the form of robust ciphers and hash algorithms, good cryptographic protocols, and solid theory for many aspects of information flow. This talk cites several projects, both internal explorations and external collaborations, that I have worked on over many years in Sun's research labs. These examples are used to argue that scalability comes not just from the technical design of a system, but also its comprehensibility, usability, and manageability. It is often failings in these criteria that lead to the security and privacy break-downs that have become so widespread.
