At various presentations and also in\u00a0our research on credit cards I came across approaches for security vulnerability research that are based on tools and techniques for building reliable systems.\u00a0 I\u00a0am\u00a0curious about the relation between the two, and thought maybe a blog is a good venue for people to share some thoughts on the issue.<\/p>\n
A\u00a0couple of examples of what I mean:<\/p>\n
– Martin is trying to build a reliable emulator for credit card payment.\u00a0He works with Leo on proofs for reliability.\u00a0Martin essentially follows the Praxis software development approach, in a light-weight incarnation.\u00a0But, as a consequence, he and Leo find security vulnerabilities.\u00a0Shouldn’t we have used a tool\/method that aims at finding security vulnerabilities instead of one that aims at building reliable systems?\u00a0 Or\u00a0are these somehow\u00a0the same?<\/p>\n
– We recently had a\u00a0colloquium guest speaker\u00a0(recently graduated PhD student) from Glasgow who talked about her research in using safety case description languages to describe case studies\u00a0for security breaches.\u00a0 Such use is almost contrary to what the language was defined for, but it seemed to work.<\/p>\n
I’m interested in the question whether we use existing dependability\/safety techniques for security research because (1) we don’t have better ones yet or because (2) they are the best ones imaginable.\u00a0 I guess the answer is ‘it depends’, but it struck me as interesting to try to understand this issues more generically and discuss on this blog.\u00a0 So, please comment.<\/p>\n","protected":false},"excerpt":{"rendered":"
At various presentations and also in\u00a0our research on credit cards I came across approaches for security vulnerability research that are based on tools and techniques for building reliable systems.\u00a0 I\u00a0am\u00a0curious about the relation between the two, and thought maybe a … Continue reading