Computer Science Colloquia
Thursday, February 10, 2011
Host: Jack Davidson
OLS 009, 14:00:00
Attack Trends 2011 -or- Why Software Security
In some sense, software is the lifeblood of most modern complex systems. Software can fail, but worse yet, software can be intentionally made to fail by attackers. Instead of defending our systems by isolating them from the network (an impossible task), we must build security in from the beginning. Both social networking and mobile device security provide important security lessons that can inform a reasoned approach. Modern malicious code, including the Zeus Trojan, Stuxnet, and other persistent web threats, is as sophisticated as it is insidious. And future trends in attacks are even more alarming, leveraging rootkits, multi-core attacks, and hard-to-diagnose timing issues. Our sole recourse is software security. The good news is that we actually know what to do to build security in.
Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).
Reception at 4:30 in OLS 228E