In an age when cyber attacks are growing more complex and severe, a computer science expert who spoke at Fordham advocated the development of four cutting-edge technologies to improve cyber security.
Ruby Lee, Ph.D., a professor of electrical engineering and computer science at Princeton, offered her suggestions on Aug. 3 at the International Conference on Cyber Security. They include:
• enabling trustworthy spaces. Because it is infinitely complex to secure entire systems from top to bottom, trustworthy spaces are sub-levels of cyberspace that are designed to protect systems’ most valuable information.
“Security is seen as a static castle with moats around it,” Lee said. “With trustworthy spaces, even if the castle is torn down, data in the critical operations is secure and impenetrable inside of this bubble.”
• using hardware trust anchors. These independent pieces of hardware provide secure access to systems. Some may even monitor systems and detect any illicit changes.
Lee pointed out a system in which hardware is split into several parts to ensure greater security. However, she added that such a model is not perfect. “It does not fully protect despite the split,” she warned.
• creating moving targets—systems that change constantly to limit their vulnerability to attack, while increasing hackers’ uncertainty, cost and risk.
“Today, once an attacker has penetrated one system, he or she can attack any number of systems in that same way,” Lee said. “Tomorrow, we want every system to look different to an attacker.”
One of her key ideas is to use randomization when designing systems in conjunction with the moving targets. While using randomization alone for security is unsecure, she said, when applied with a more fully realized moving-target approach, it is more effective.
• promoting responsible corporate cyber security through economic incentives. Such incentives will create motivation to maintain up-to-date system security in the ever-changing environment of malware and attacks.
The problem, however, is that there are no reliable metrics for gauging the security of a system.
“Tomorrow’s systems must know that there will be system vulnerabilities even in the most heavily constructed systems.” she said. “We need to constantly design strategies and map out tactics that can be resilient in this kind of environment.”
In addition, Lee presented a design challenge: to improve cyber security without compromising performance, energy, consumption, cost or usability.
In describing the wide scope of cyber security, she compared computer viruses to those in humans. Viruses are consistent and never completely eradicated, as they can lie dormant for a long time.
“There is never going to be a solution that once and for all solves the problem of security,” Lee said. “So computers must be likened to the human body, which carries bacteria and viruses that do not prevent it from functioning productively and normally.”