Why (Managing) IT Security is Hard and Some Ideas for Making It Easier

Konstantin Beznosov

06 July 2008

Abstract: The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are (a) very expensive and error-prone to build, deploy, and integrate, (b) complex and error-prone to operate and administer, and still (c) far from being adequate to the real-life problems. I discuss recent developments at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia. We have been investigating improvements in the way security mechanisms for distributed IT systems are engineered and managed. I will specifically talk about - an ongoing study of how IT security is managed in today organizations, and what makes it challenging, - improving availability of authorization subsystems in large-scale enterprise applications, and - protecting web applications from SQL injection attacks without analyzing or modifying application source code. The talk will is a high-level overview of various LERSSE research projects rather than a detailed discussion of any particular project.

Keyword(s): HOT Admin ; SAAM ; SQLPrevent ; LERSSE

Published in: Konstantin Beznosov, “Why (Managing) IT Security is Hard and Some Ideas for Making It Easier” talk given at the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, 2 June 2008.:

The record appears in these collections:

 Record created 2009-04-27, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)