Are Clouds making our Research Irrelevant and Who is at Fault?

Dean's Office - Faculty of Informatics

Date: 14 December 2023 / 15:30 - 16:30

USI Campus Est, room D1.14, Sector D

Speaker:
Yvo Desmedt, University of Texas, USA

Abstract:
Until recently, the user of a computer system was able to (at least to some degree) help decide security policies, such as which access and information flow control to use, which cryptographic algorithms to choose, how to secure databases in use, etc. Due to these choices, researchers were able to have an impact on what was deployed.

In today's world, the Chief Information Officer (CIO) outsources online communication (replacing landlines), databases, e-mail, storage, voting, WWW, etc., to clouds. These do not use open source and do not disclose their design. So, the security is left to the designer and the user is completely left in the dark. Since most programmers never took a course in information security, we should assume the worst.

In this presentation we justify several positions: (i) we make the claim that clouds have lowered our information security; (ii) we wonder whether CIOs compare competing clouds on their security properties and ask independent experts for their advice; (iii) one finds that self-acclaimed experts often lack basic knowledge; (iv) that research is becoming irrelevant. We also wonder who is at fault for these problems and how we can address them.

Biography:
Yvo Desmedt is the Jonsson Distinguished Professor at the University of Texas at Dallas, a Fellow of the International Association of Cryptologic Research (IACR) and a Member of the Belgium Royal Academy of Science. He received his Ph.D. (1984, Summa cum Laude) from the University of Leuven, Belgium. He held positions at: Université de Montréal, University of Wisconsin - Milwaukee (founding director of the Center for Cryptography, Computer and Network Security), and Florida State University (Director of the Laboratory of Security and Assurance in Information Technology). He was BT Chair, Chair of Information Communication Technology at University College London and lately Honorary Professor. He has held numerous visiting appointments. He is the Editor-in-Chief of IET Information Security and Chair of the Steering Committee of CANS. He was Program Chair of, e.g., Crypto 1994, the ACM Workshop on Scientific Aspects of Cyber Terrorism 2002, and ISC 2013. He has authored over 200 refereed papers, primarily on cryptography, computer security, and network security. He has made important predictions, such as his 1983 technical description of how cyber could be used to attack control systems (realized by Stuxnet), and his 1996 prediction that hackers would target Certifying Authorities (DigiNotar was targeted in 2011). He also authored the first paper on Hardware Trojan (Proc. Crypto 1986) and posed searchable encryption as an open problem in 1993 (NSPW). He was requested to give feedback on the report by the US Presidential Commission on Critical Infrastructures Protection and the list of Top 10 Scientific Issues Concerning Development of Human Society (China), and gave feedback on some US NIST standards. He suggested that NIST make a Threshold Cryptography standard.

Host: Prof. Stefan Wolf