Butler Lampson
Microsoft
What people want from computer security is to be as secure with computers as they are in the real world. Real-world security is about value, locks, and police. When it works, you get good enough locks (not too many break-ins), good enough police (so break-ins aren't a paying business), and minimum interference with daily life. Computer security is hard because people don’t trust new things (especially when they don’t understand them), and computers are fast and complicated. The kind of computer break-ins most people care about are vandalism or sabotage that damages information or disrupts service, theft of money or information, and loss of privacy. Some people think that because computers are precise, perfect computer security should be possible. I'll explain why this is wrong, and talk about what kind of security is practical and how to get it.
Links: PowerPoint, Acrobat. A paper is here.
Email: blampson@microsoft.com.
This paper is at http://www.research.microsoft.com.