Swarthmore College Department of Computer Science

Talk by David Clark

Why Network Security is even harder than you thought
Wednesday, April 14
SCI 199, 4:30pm

Abstract

There are a number of hypotheses to explain the current poor state of computer and communications security. There is the suspicion that the consumer won't pay, the idea that system suppliers just want to duck the problem, the claim that security is too hard to use, and the possibility that we can't even agree on what better security means. This jumble of excuses for poor security needs to have some sense of order put on it to make progress.

I argue that the traditional approach to sorting out the various aspects of security actually masks the deeper problems in the field. The traditional taxonomy of security divides the problem into different objectives, such as disclosure control, integrity, and availability. This structure, while familiar, does not seem to shed much light on the barriers to better security. It tends to suggest that security is an objective where "more is better" in the pursuit of these objectives, I conclude that we need a model based on different ways of organizing the stake-holders to the security problem. I organize security into these four concerns:

  • Personal: those concerns such as privacy we have as individuals
  • Shared: those concerns that govern communication among willing parties
  • Communal: those concerns we address as an integral society
  • Global: those concerns that arise because the Internet connects many societies with different norms.

By looking at the stakeholders, we see that that security is a multi-dimensional design problem shaped by conflict of values among the players, and that progress is gated by these debates. The problem is rooted in the nature of society, not technology. I will present a model of the interaction among these forces, show how we might use this model to reason about better security, and present some specific recommendations about the best path to better network security.

Biography

Swarthmore alum David Clark is a Senior Research Scientist at the MIT Computer Science and Artificial Intelligence Laboratory, where he has worked since receiving his Ph.D. there in 1973. Since the mid 70s, Dr. Clark has been leading the development of the Internet; from 1981-1989 he acted as Chief Protocol Architect in this development, and chaired the Internet Activities Board. More recent activities include extensions to the Internet to support real-time traffic, pricing and related economic issues, and policy issues surrounding the Internet, such as broadband local loop deployment. His current research looks at re-definition of the architectural underpinnings of the Internet, and the relation of technology and architecture to economic, societal and policy considerations. Dr. Clark is chairman of the Computer Science and Telecommunications Board of the National Academies, and has contributed to a number of studies on the societal and policy impact of computer communications. He is one of the directors of the newly formed Communications Futures Program at MIT, which draws on multiple centers and schools at MIT to construct a view of the communications industry across the value chain.