Perspectives on Security
Butler Lampson
Microsoft Research
Symposium on Operating Systems Principles
October 4, 2015
This is a thematic overview of what has happened in computer security over the last 50 years, from the viewpoint of someone who works in computer systems. The main themes are how to isolate a computation from its environment, and then how to enable exactly the communication allowed by a security policy. The goals are secrecy, integrity, and availability. The mechanisms are access control and information flow control; both depend on authentication, authorization, and auditing (the gold standard). Distributed systems also need cryptography for secure communication, and explicit assertions of trust for every part of the system: users, programs, channels, management. Bugs compromise security; verification can eliminate them if the system is simple enough, and bandaids can reduce the pain. For the most part attempts to build secure systems have failed. Success will need a different approach.
There is no paper for this talk. Here are links to the slides.