Cari amici,
This is a quick re-announcement for a guest speaker we're hosting tomorrow (it was announced
officially by the INF decanato, but some people -- me included! -- don't always read those):
Yvo Desmedt, Thursday 14.12.2023 (tomorrow!), D1.14, 15:30 - 16:30
Stay
warm,
Will
Schober
----------------------------------------------------
SPEAKER: Yvo Desmedt
TITLE: Are Clouds making our Research Irrelevant and Who is at Fault?
ABSTRACT: Until recently, the user of a computer system was able to (at least to some
degree) help decide security policies, such as which access and information
flow control to use, which cryptographic algorithms to choose, how to secure
databases in use, etc. Due to these choices, researchers were able to have an
impact on what was deployed.
In today's world, the Chief Information Officer (CIO) outsources online
communication (replacing landlines), databases, e-mail, storage, voting, WWW,
etc., to clouds. These do not use open source and do not disclose their
design. So, the security is left to the designer and the user is completely left
in the dark. Since most programmers never took a course in information
security, we should assume the worst.
In this presentation we justify several positions: (i) we make the claim that
clouds have lowered our information security; (ii) we wonder whether CIOs
compare competing clouds on their security properties and ask independent
experts for their advice; (iii) one finds that self-acclaimed experts often
lack basic knowledge; (iv) that research is becoming irrelevant. We also
wonder who is at fault for these problems and how we can address them.