IC Colloquium : System-Level Failures in Security
Event details
| Date | 17.02.2014 |
| Hour | 16:15 › 17:30 |
| Location | |
| Category | Conferences - Seminars |
By Steven J. Murdoch, University of Cambridge
IC Faculty candidate
Abstract
Many security critical systems may appear to be secure in theory, but fail when deployed in real life. This talk will discuss examples of this problem, drawn from the fields of banking security and anonymous communications. The causes for these failings include interactions between security mechanisms, inappropriate abstractions, and lack of consideration for usability. In this talk I will argue that security is a system property, and that managing the complexity of the design process is the biggest challenge in building secure systems. I will introduce my research on developing tools to analyse such systems which are capable of drawing conclusions from data that is complete and includes uncertainty.
Biography
Dr. Steven J. Murdoch is a Royal Society University Research Fellow in the Security Group of the University of Cambridge Computer Laboratory, working on developing metrics for security and privacy. His research interests include covert channels, banking security, anonymous communications, and censorship resistance. Following his PhD studies on anonymous communications, he worked with the OpenNet Initiative, investigating Internet censorship. He then worked for the Tor Project, on improving the security and usability of the Tor anonymity system. Currently he is supported by the Royal Society on developing methods to understand complex system security. He is also working on analyzing the security of banking systems especially Chip & PIN/EMV, and is Chief Security Architect of Cronto, an online authentication technology provider and part of the Vasco group.
More information
IC Faculty candidate
Abstract
Many security critical systems may appear to be secure in theory, but fail when deployed in real life. This talk will discuss examples of this problem, drawn from the fields of banking security and anonymous communications. The causes for these failings include interactions between security mechanisms, inappropriate abstractions, and lack of consideration for usability. In this talk I will argue that security is a system property, and that managing the complexity of the design process is the biggest challenge in building secure systems. I will introduce my research on developing tools to analyse such systems which are capable of drawing conclusions from data that is complete and includes uncertainty.
Biography
Dr. Steven J. Murdoch is a Royal Society University Research Fellow in the Security Group of the University of Cambridge Computer Laboratory, working on developing metrics for security and privacy. His research interests include covert channels, banking security, anonymous communications, and censorship resistance. Following his PhD studies on anonymous communications, he worked with the OpenNet Initiative, investigating Internet censorship. He then worked for the Tor Project, on improving the security and usability of the Tor anonymity system. Currently he is supported by the Royal Society on developing methods to understand complex system security. He is also working on analyzing the security of banking systems especially Chip & PIN/EMV, and is Chief Security Architect of Cronto, an online authentication technology provider and part of the Vasco group.
More information
Practical information
- Informed public
- Free
- This event is internal
Contact
- Tania Epars