<<< Date Index >>>     <<< Thread Index >>>

[IP] more on MS XP service pack will automatically download *and* install updates



Here are my two Grand Challenges on Security (auto update is #2)


Grand Challenge #1

Background

After 9/11 and the subsequent reorganizations of the federal
organizations that resulted in, for example,  the DHS , there was
required the "sharing" of intelligence information between sectors of
the intelligence and law enforcement community at a scale that
previously had never been contemplated. While this is considered
necessary for national security, it raised a set of severe concerns
dealing with the propagation of such information  into large
communities where proper safeguards of use and audit ability
isdifficult to implement and to enforce.

Simultaneously, there was raised by many citizens, a concern for their
privacy as personal information of various levels of quality is to be
widely distributed to organizations both with in the federal arena and
state law enforcement. They are also concerned as to the tendency to
use this information for other>originally gathered for -- for example the use 
of the airline security
lists for catching dead beat fathers etc with and without the consent
of the citizens.

Finally there is concern that  the data transferred between
organizations may disclose sensitive information about the sources of
the information and the methods used to gather it. However those
pieces of information are critical to the metric of the believability
and usability of the information. How to transmit a metric of the
originators belief to a client organization is critical. Such
approaches are not obvious.

Grand Challenge #2

As the latest virus and worm attack has shown, many computer users,
both home and industrial, fail to keep their systems properly upgraded
with the software fixes that are targeted to stop such
vulnerabilities.. While the Windows systems is the "popular" target
for such attacks and failures, other systems can and will suffer the
same fate. It has been proposed that the software vendors be able to
automatically access their customer systems to make sure that they are
up-to-date. This raises a set of very difficult problems that range
from the potential of a massive worldwide computer failure if a
upgrade actually contains a problem that takes down a significant
number of machines (as has happened in the past). Many of these
machines may serve critical applications and thus cause serous
national security problems. In addition there is the potential for
hijacking of the upgrade mechanism  that would make many internal data
accessible to an attacker. How to provide reliable computing, given we
are 'stuck" with the current software/hardware systems is vital and
non trivial.


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/