000000158 001__ 158
000000158 005__ 20130522141950.0
000000158 037__ $$aLERSSE-PRESENTATION-2008-072
000000158 041__ $$aeng
000000158 100__ $$aKonstantin Beznosov
000000158 245__ $$aWhy (Managing) IT Security is Hard and Some Ideas for Making It Easier
000000158 260__ $$c2008-07-06
000000158 300__ $$a47p
000000158 520__ $$aThe way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are (a) very expensive and error-prone to build, deploy, and integrate, (b) complex and error-prone to operate and administer, and still (c) far from being adequate to the real-life problems. I discuss recent developments at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia. We have been investigating improvements in the way security mechanisms for distributed IT systems are engineered and managed. I will specifically talk about - an ongoing study of how IT security is managed in today's organizations, and what makes it challenging, - improving availability of authorization subsystems in large-scale enterprise applications, and - protecting web applications from SQL injection attacks without analyzing or modifying application source code. The talk is a high-level overview of various LERSSE research projects rather than a detailed discussion of any particular project.
000000158 6531_ $$aHOT Admin
000000158 6531_ $$aSAAM
000000158 6531_ $$aSQLPrevent
000000158 6531_ $$aLERSSE
000000158 8560_ $$fqiangw@ece.ubc.ca
000000158 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/158/files/158.pdf$$yTransfer from CDS 0.99.7
000000158 909C4 $$pKonstantin Beznosov, “Why (Managing) IT Security is Hard and Some Ideas for Making It Easier” talk given at the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, 2 June 2008.
000000158 980__ $$aPRESENTATION