Vulnerable Compliance
If a basic interoperability constraint, such as a core, standardized network protocol, has a flaw, then everyone who is standards-compliant will be vulnerable. What, then, does one do? If the flaw is long-standing, then by now it is pervasive, embedded in robotics, and likely to be in silicon. If the protocol is touchy, then seamless updates may not be possible. If a repair is possible but field deployment can be expected to have a half-life measured in months if not years, what does that imply for security policy? In the particular case of embedded systems, does this mean that remote upgradability—with all the risk such a capability entails—is a wise design choice? In the case of core Internet protocols, does that mean that Jon Postel's famous Robustness Principle, viz., to be conservative in what you send and liberal in what you accept, is no longer consistent with security? Is there an analog to perfect forward secrecy when it comes to planning for protocol failure the way we already (can) plan for key loss? With luck, this talk will at least ask the right questions.
author = {Dan Geer},
title = {Vulnerable Compliance},
year = {2010},
address = {Washington, DC},
publisher = {USENIX Association},
month = aug
}