Cybersecurity: How to Use What We Already Know

Slide 0

Cybersecurity: How to Use What We Already Know
Jean Yang
Privacy. Security. Risk.
October 1, 2015
@jeanqasaur

Slide 1

Our Future Runs on Software
Smart homes
Driverless cars
Automatic dating
But first we need to “solve” security!

Slide 2

State of the Art
Research
Industry
Undo mechanisms
Encrypted databases
Program analyses
Provably secure software
Firewalls
The big question: How can we take advantage of research ideas in practice?

Slide 3

This Talk
Companies
Venture capital
Startups
Academia
Policy makers
Consumers
How can we connect researchers to everyone else?

Slide 4

Part I: What Do Researchers Know?

Slide 5

The Programming Perspective: We Still Live in the 1970s
State of the art: permission checks are required across the code.

Slide 6

Policy-Agnostic Programming
My PhD work.
Programs attach policies to data.
The rest of the code may be policy-agnostic.
Programming model provides mathematical guarantees.
Implementation strategy scales for real-world programs.
jeeveslang.org

Slide 7

Policy-Agnostic Programming for Our 21st Century Security Concerns
[Figure: Model / View / Controller, shown in two panels: "Without automatic policy enforcement" and "With Jacqueline, a policy-agnostic web framework that extends Python’s Django"]
jeeveslang.org
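
An added illustration, not part of the original slides and not the Jeeves or Jacqueline API: a minimal Python sketch contrasting permission checks scattered across the code with a policy attached to the data. The Guarded type, the function names and the sample data are hypothetical.

```python
from dataclasses import dataclass
from typing import Any, Callable

# Constructed sample data.
USERS = {"alice": {"location": "Building 32", "friends": {"bob"}}}

# Style 1: every code path must remember its own permission check.
def profile_line_manual(owner: str, viewer: str) -> str:
    rec = USERS[owner]
    allowed = viewer == owner or viewer in rec["friends"]
    return f"{owner} is at {rec['location'] if allowed else 'undisclosed'}"

def search_key_manual(owner: str, viewer: str) -> str:
    # Second code path where the check was forgotten: the value leaks.
    return USERS[owner]["location"].lower()

# Style 2: the policy travels with the data (hypothetical Guarded type).
@dataclass(frozen=True)
class Guarded:
    secret: Any                      # what permitted viewers see
    public: Any                      # what everyone else sees
    policy: Callable[[str], bool]    # viewer -> may see the secret?

    def map(self, fn: Callable[[Any], Any]) -> "Guarded":
        # Compute on both views; the policy is carried along unchanged.
        return Guarded(fn(self.secret), fn(self.public), self.policy)

    def reveal(self, viewer: str) -> Any:
        # The only enforcement point, applied when a value is output.
        return self.secret if self.policy(viewer) else self.public

def location_of(owner: str) -> Guarded:
    rec = USERS[owner]
    return Guarded(rec["location"], "undisclosed",
                   lambda viewer: viewer == owner or viewer in rec["friends"])

# Policy-agnostic code: no viewer argument, no permission checks.
def profile_line(owner: str) -> Guarded:
    return location_of(owner).map(lambda loc: f"{owner} is at {loc}")

def search_key(owner: str) -> Guarded:
    return location_of(owner).map(str.lower)

if __name__ == "__main__":
    for viewer in ("bob", "mallory"):
        print(viewer, "|", search_key_manual("alice", viewer),
              "|", search_key("alice").reveal(viewer))
```

The manual search path returns the location to any viewer because its check was omitted; the Guarded version cannot, since the policy is applied wherever the value is revealed.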

Slide 8

Part II: How Can We Use Research to Build Secure Software?

Slide 9

Barriers to Industry Adoption
Managers need to fight the status quo.
Programmers need to manage legacy code.
What about the startup route to tech transfer?

Slide 10

Security is no Tindog
The Hot New Silicon Valley Startup: Fun concept. Slick design. Toddler nephew can use it. Integrates with your life.
Startup that Helps Us Build Secure Software: Technical concept. Verifiable by experts. Requires infrastructure change.

Slide 11

Unique Challenges for Security Startups
Justin Somaini, Chief Trust Officer
Concept is highly technical.
No flashy demos.
Adoption requires client expertise and/or trust.
Solving a technical problem != building a product.

Slide 12

Cybersecurity Factory
An 8-week accelerator I started that gives teams:
$20,000
Office space
Focused mentorship
A network
Legal support
Raj Shah
David Ting
Maxwell Krohn
cybersecurityfactory.com

Slide 13

Part III: How To Motivate Customers to Pay for Security?

Slide 14

Insecurity is Expensive
“A report released this month by the Atlantic Council and Zurich Insurance Group estimated that by 2030, an insecure Internet would reduce global economic net benefit by $90 trillion. In contrast, a completely secure Internet would result in a global net gain of $190 trillion.”
-Jeff Kosseff, cybersecurity law professor

Slide 15

The Security “Prisoner’s Dilemma”
Lack of individual incentive:
Requires more employee training.
Requires more programmer effort.
Doesn’t currently provide competitive advantage.

Slide 16

Creating a Culture Around Caring
Consumer Example: Snapchat. Numerous privacy violations, but valued at $16 billion with 100 million users.
Policy Example: Dentists. Common to email records in violation of HIPAA, but HHS does not audit.

Slide 17

Summary: How to Secure Software
Ask smart people to come up with technical solutions.
Put solutions into practice.
Iterate.
Connect research with industry.
Change incentives for security.
Communicate and educate!
jeanyang.com