|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > The Unfalsifiability of security claims
The Unfalsifiability of security claimsAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Laurent Simon. Abstract: There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse; there is no test that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable (or untestable). This in turn implies an asymmetry in self-correction: while the claim that countermeasures are sufficient can always be refuted, the claim that they are necessary cannot. Thus, the response to new information can only be to ratchet upward: newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. So errors accumulate. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions. We argue that progress has been slow in security precisely because of a failure to identify mistakes. Bad ideas that have received no corroboration persist indefinitely and the resources they consume crowds out sensible measures to reduce harm; examples of this abound. Many things that deliver no observed benefit are declared necessary for security, either because they have defined to be so, or have been reached through logically muddled arguments. Bio: Cormac Herley’s main current interests are data analysis problems, authentication and the economics of information security. He has published widely in signal and image processing, information theory, multimedia, networking and security. He is the inventor on over 70 US patents, and has shipped technologies used by hundreds of millions of users. His research has been widely covered in outlets such as the Economist, NY Times, Washington Post, Wall St Journal, BBC , the Guardian, Wired and the Atlantic. He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland. This talk is part of the Computer Laboratory Security Seminar series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsThe Inaugural Kate Pretty Lecture Type the title of a new list here DPMMS Lists Plant Epidemiology and Modelling Cambridge Tech Talks HEP phenomenology joint Cavendish-DAMTP seminarOther talksLouisiana Creole - a creole at the periphery Satellite Applications Catapult Quickfire Talks Is Demand Side Response a Woman’s Work? Gender Dynamics Neural Networks and Natural Language Processing Numerical solution of the radiative transfer equation with a posteriori error bounds |
Cormac Herley, Microsoft Research, Redmond
Tuesday 09 February 2016, 14:00-15:00