A Pie of P-Baked Security Ideas

Speaker: Dennis Heimbigner, University of Colorado

Date: June 19, 2002

I will be returning to Boulder on June 23, and I could not resist taking one last opportunity to consult the UCD security community. In this talk, I present some half-baked ideas about security, with the hope that I can get some feedback on their merit and some ideas about improving them or making them more practical. Among the ideas I will discuss are the following:

1. Architecture-level vulnerability analysis.
Is it possible to carry out any useful vulnerability analyses at software design-time, and especially on architecture specifications?

2. Security through architectural degradation:
Is it possible to provide a graduated response to potential insider attacks using deception?