It is quite good to listen to the speech by Dr Huang who is invited to our class.Dr Ming-Yuh Huang (who goes by "Huang") is a Boeing Fellow leading Boeing's Information Assurance R&D Program to support the corporate enterprise as well as a wide array of large-scale commercial/military programs.His lecture is about the current model of network security, which models medieval castle construction. 1,harden walls around the castle including some surrounding small river. 2,a few strongly fortified access points,for example, maybe some soldiers are securing the gates in the different directions of the castle. 3,Little protection inside, so if the enemy can intrude the gates fortified, it means they can have the access to almost everything in the castle. With the evolutionary development of technology, the castle may change the material of walls, enforce the security force in the gates. But this evolutionary model was no match to survive the revolutionary world. When the gun power or cannon was invented, the castle can be easily conquered, even we do not need air fighters to defeat the secure force of the castle. This example is quite excellent to make a difference between evolution and revolution. The details of Dr Huang's lecture can be found in
http://kio.pg.gda.pl/safecomp2006/download/Ming-Yuh_Huang_keynote_Safecomp2006.pdf
Compring the security of castles, the current network is a few strongly gateway firewalls, no protection once inside..., how they are similar in essence?
Actually, the current network security is still evolutionary, the gateway becomes more complex, the anti-virus and operating systems becoming more and more complex, but if some dramatical virus appears, it will crash millions of systems, that kind of scenarios have happened again and again.The virus family is listed in the following picture.
Now the question is if the current model of cyper security is so vulnerable, how can we revolutionarily change the rule of security, or change the security model to make the internet safe for the general good people?
Biometic authentication, firewall,Intrusion detection, these are all passive ways to increase the security, how can we change the secure model by technology so that no body can have the access to the information which is not permitted for him or her to access.The person who can construct this basic model is like the one who can establish the good law. Some experts have writen this report to the US congress to make the leaders in the US be aware of this important issue.
http://www.fas.org/sgp/crs/terror/RL32114.pdf
They may can figure out the policy to protect the commonweath of the people. Also they need listen to advices and suggestions from the voters and experts.
The virus of history can found in the webpagehttp://www.infoplease.com/ipa/A0872842.html ,From the big news of that day, if the public paid much attention to the virus, the coder of virus always can be caught, but the destruction has done to the affected companies and persons, who will compensate that? If we do not have revoltionary secure model to fight the online crime, we always passively patch the holes and caught the hackers, it will not completely save the money and energy involved .So, in my opion, we can make it known to the potential worm writers, we have the enough and complete law to punish them and they should regret for their time for what damage they have done to the cyber world, and by the way, encourage the person to develop the security models .
No comments:
Post a Comment