Few today would hesitate to add cyber-attacks to death and taxes as yet another of life's unpleasant and unavoidable certainties. Networked systems are not secure, yet our society's infrastructures (with the financial sector leading) are becoming increasingly dependent on these systems. Greater dependence means greater risk – risk, for example, that data becomes corrupted, that trades or other transactions won't or cannot be executed, or that confidential information is leaked.
Moreover, some of this risk is avoidable. Far more is known about how to build secure systems than is being put into practice. Virtually all of the worms and viruses making the rounds these days exploit the same few kinds of program bugs. Not only do we know how to eliminate these bugs, but we know how to avoid them in the first place. And software developers are showing increased concern about security issues, so future software releases should have fewer instances of these bugs. Microsoft's Trustworthy Computing initiative, announced in January 2002, is among the most visible examples of new priorities. But patching or replacing legacy systems is neither cheap nor easy, so old code, hence code that is vulnerable to attack, will likely be part of the cyber-landscape for some time to come.
Professor Fred Schneider of Cornell is an expert in the field of security. He plans to support a new security initiative at CTC in Manhattan. Contact Roger Lang for more information: rlang@tc.cornell.edu.
Writing and Understanding Policy
Defenders and attackers in cyberspace engage in an ever-escalating game of thrust and parry. Eliminate the low-hanging fruit and attackers simply reach higher and devise attacks for which defenses are not as easily deployed. For example, one of our more powerful defenses is embodied in the "Principle of Least Privilege," which holds that principals – be they people, computers, or programs – should be accorded only those rights needed to accomplish the task at hand. (The military instantiates this principle for confidentiality as "Need to know.") A sensible basis for implementing security in theory, the Principle of Least Privilege in practice requires fine-grained access controls, which, in turn, means both building more powerful enforcement mechanisms into our systems and writing policies that are suitably detailed. Schemes do exist for extending software to implement fine-grained authorization, including work at Cornell's Information Assurance Institute (IAI) on program rewriting to inline a reference monitor: the enforcement code is inserted into the program itself, next to each security-relevant operation, rather than living in a separate kernel or library. But few users today bother to set access controls for their files; imagine what will happen when these settings are required for a myriad of smaller objects, like individual records in files.
So expressive policy specifications could be a powerful next level of defense, but they are not yet ready for prime time. Further research is needed. We need expressive, but intuitive, languages for defining security policies, along with methods for constructing security policies (perhaps automatically) and for analyzing these policies to establish that they mean what we expect. We need a theory for combining policies, so that individual policies that make sense in isolation also make sense when combined. Notice that this is an area of investigation that benefits from collaborations between researchers, who understand semantics and logic, and practitioners, who have hands-on experience with real policy needs. Institutions like Cornell's IAI-Manhattan provide a forum for researchers and practitioners to have these discussions, and indeed these discussions have commenced.
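The two preceding paragraphs describe an inlined reference monitor enforcing fine-grained least privilege, and the need for a way to combine policies that each make sense alone. The following is an added example (not code from the original article or from Cornell's IAI) that sketches both ideas in Python. Each policy is a small security automaton; the "rewriter" is a wrapper applied to every security-relevant operation, standing in for the real program-rewriting step; and two policies are combined as a product automaton that admits an action only if both admit it. The record store, the principals "alice" and "bob", and both policies are constructed for illustration.

```python
"""Added example: an inlined reference monitor built from security automata.

Not code from the original page or from Cornell IAI; the records, principals
and the two policies below are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Any, Callable, List, Tuple


class PolicyViolation(Exception):
    """Raised by the monitor when a policy rejects an operation."""


@dataclass
class SecurityAutomaton:
    """A policy as an automaton: current state plus a transition function.

    step(state, event) returns the next state, or None to reject the event.
    Because the check runs before the operation, a rejected event never
    executes and never changes the automaton's state.
    """
    name: str
    state: Any
    step: Callable[[Any, Tuple], Any]

    def check(self, event: Tuple) -> None:
        nxt = self.step(self.state, event)
        if nxt is None:
            raise PolicyViolation(f"{self.name}: rejected {event[:2]}")
        self.state = nxt


def conjoin(a: SecurityAutomaton, b: SecurityAutomaton) -> SecurityAutomaton:
    """Combine two policies: allow an event only if BOTH automata allow it."""
    def step(state, event):
        na, nb = a.step(state[0], event), b.step(state[1], event)
        return None if na is None or nb is None else (na, nb)
    return SecurityAutomaton(f"{a.name} & {b.name}", (a.state, b.state), step)


@dataclass(frozen=True)
class Record:
    id: int
    owner: str
    confidential: bool
    body: str


# Constructed sample data: records are the fine-grained objects being protected.
RECORDS = {
    1: Record(1, "alice", False, "alice's public note"),
    2: Record(2, "alice", True, "alice's secret"),
    3: Record(3, "bob", True, "bob's secret"),
}


def _owner_only_step(state, event):
    """Least privilege at record granularity: read only what you own."""
    op, principal, arg = event
    if op == "read" and arg.owner != principal:
        return None
    return state


def _no_send_after_read_step(tainted, event):
    """Once a confidential record has been read, no further sends are allowed."""
    op, _principal, arg = event
    if op == "read" and arg.confidential:
        return True
    if op == "send" and tainted:
        return None
    return tainted


def owner_only() -> SecurityAutomaton:
    return SecurityAutomaton("owner-only-reads", "ok", _owner_only_step)


def no_leak() -> SecurityAutomaton:
    return SecurityAutomaton("no-send-after-read", False, _no_send_after_read_step)


def monitored(monitor: SecurityAutomaton, event_of: Callable[..., Tuple]):
    """Stand-in for program rewriting: wrap an operation so the monitor runs first."""
    def rewrite(fn):
        def wrapped(*args):
            monitor.check(event_of(*args))
            return fn(*args)
        return wrapped
    return rewrite


class Session:
    """One principal's session; every security-relevant call is monitored."""
    def __init__(self, principal: str, monitor: SecurityAutomaton = None):
        self.principal = principal
        self.monitor = monitor or conjoin(owner_only(), no_leak())
        self.read = monitored(self.monitor, lambda rid: ("read", principal, RECORDS[rid]))(self._read)
        self.send = monitored(self.monitor, lambda msg: ("send", principal, msg))(self._send)

    def _read(self, rid: int) -> str:
        return RECORDS[rid].body

    def _send(self, msg: str) -> str:
        return f"{self.principal} sent {len(msg)} bytes"


def run(principal: str, actions: List[Tuple[str, Any]], monitor: SecurityAutomaton = None) -> List[str]:
    """Execute (op, arg) actions for a principal; report 'ok' or 'denied' per action."""
    session = Session(principal, monitor)
    outcome = []
    for op, arg in actions:
        try:
            getattr(session, op)(arg)
            outcome.append("ok")
        except PolicyViolation:
            outcome.append("denied")
    return outcome


if __name__ == "__main__":
    print(run("alice", [("read", 2), ("send", "hello")]))                  # ['ok', 'denied']
    print(run("alice", [("read", 2), ("send", "hello")], owner_only()))    # ['ok', 'ok']
```

Each policy is satisfiable and reasonable on its own; the interesting behaviour only appears once they are conjoined. Under `owner_only()` alone, alice may read her own confidential record and then send freely; under the product automaton, the same session is cut off at the send. That is the flavour of question a theory of policy combination has to answer: which combinations preserve each policy's meaning, and which silently change what an action means.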
A Road Ahead
Expressive policy specifications are but one of many defenses that researchers are investigating in anticipation of cyber-attacks to come. Familiarity with how these future defenses will work better positions you to evolve an enterprise networked information system in ways more conducive to ultimately deploying those new defenses. In addition, those who deal with cyber-attacks on a day-to-day basis while managing large-scale, mission-critical enterprise networked information systems are well positioned to inform research directions.
IAI-Manhattan is a vehicle for just these sorts of conversations – conversations with international experts working in various aspects of trustworthy networked information systems: scalability, fault-tolerance, and security. These scientists want to know about real problems – yours; and they would be happy to discuss solutions just over the horizon – theirs.
For further information, contact Roger Lang (rlang@tc.cornell.edu).