Bruce Schneier

 

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

About Bruce Schneier

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« TSA's Ideal Laptop Bag | Main | Me in the News »

March 7, 2008

My Talk on "Dual Use Technologies"

This is video from my talk at CPSR's Technology in Wartime conference.

Posted on March 7, 2008 at 2:16 PM2 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Jack C LiptonMarch 7, 2008 7:57 PM

I watched that video and found that, since I read your blog, that it wasn't anything particularly new.

But, then, as Winston Churchill said of writing speeches, you have to repeat the message over and over again in slightly different ways in order to hope for understanding.

I particularly liked your commentary on "assurance" and the mindset required to "get it right"... but, yes, you were also very right that no one, if they have a choice, will want to pay the price.

The real problem w/ assurance is that the _system_ may have some kind of assurance... but nothing guarantees that the applications themselves are assured secure.

Any MouseMarch 8, 2008 7:54 PM

Bruce Schneier: you briefly mentioned compartmentation to prevent small errors
propagating into big errors in that talk. Does the same apply with vulernabilities?

If so then wouldnt Operating Systems or runtimes based on object-capability based security (per www.erights.org definition) do nicely on compartmentation?

My experience is that an vulernability in an popular software library such as libpng or libjpeg can be utilized, for instance, to gain access to users data and mail it home to the attacker.
Due to the fact that the proccess running that library has, as default, all of the users access to that users files and resources. Where as if an instance of the library only had access to the raster output for the image, some private working storage and the bytestream containing the images data would only be able to corrupt what were shown in that raster buffer.

Post a comment




E-mail is optional and will not be displayed on the site.


Remember Me?


Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Powered by Movable Type. Photo at top by Geoffrey Stone.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Subscribe
Atom Feed Facebook Twitter E-Mail Newsletter (Crypto-Gram)
Subscribe via Kindle
Blog Menu

Search

Powered by DuckDuckGo


blog only
essays and op eds only
whole site

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M J
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D

Tags

more tags

Support Bloggers' Rights!
Defend Privacy--Support Epic
Latest Book
Liars & Outliers
more books by Bruce Schneier