Question
Could you help me with this question.
Question:
Share here your opinion after reading the Interview article below
Article:
AN INTERVIEW WITH Matt Bishop
Matt Bishop received his PhD in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute for Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis. He teaches courses in computer security, operating systems, and programming.
His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. This includes detecting and handling all types of malicious logic. He is active in the areas of network security, the study of denial-of-service attacks and defenses, policy modeling, software assurance testing, and formal modeling of access control.
He also studies the issue of trust as an underpinning for security policies, procedures, and mechanisms.
He is active in information assurance education, is a charter member of the Colloquium on Information Systems Security Education, and led a project to gather and make available many unpublished seminal works in computer security. He has authored a textbook, Computer Security: Art and Science, published by Addison-Wesley Professional.
What led you to focus your research on system vulnerabilities?
I became interested in this area because of the ubiquity of the problem. We have been designing and building computer systems since the 1950s, and we still don't know how to secure systems in practice. Why not? How can we find the existing vulnerabilities and improve the security of those existing systems?
Also, there are parallels with nontechnical fields. I find those parallels fascinating, and I enjoy learning and studying other fields to see if any of the methods and ideas from those fields can be applied to analyzing systems and improving their security. Some fields, like military science, political science, and psychology, have obvious connections. Others, such as art and literature, have less obvious connections. But all emphasize the importance of people to computer and software security.
Do you have an example of what can happen when security is treated as an add-on, rather than designed into a system from the beginning?
Yes. Consider the Internet. When it was first implemented (as the old ARPANET), the protocols were not developed to supply the security services that are now considered important. (The security services that were considered important were various forms of robustness, so that the network would provide connectivity even in the face of multiple failures of systems in the network and even of portions of the network itself. It supplied those services very well.) As a result, security services such as authentication, confidentiality of messages, and integrity of messages are being treated as add-ons rather than the protocols being redesigned to provide those services inherently. So today we have security problems in the descendant of the ARPANET, the Internet.
How can the choice of programming language affect the security of the resulting program?
In two ways. The more obvious one is that some programming languages enforce constraints that limit unsafe practices. For example, in Java, the language prevents indexing beyond the end of an array. In C, the language does not. So you can get buffer overflows in C, but it's much harder to get buffer overflows in Java. The less obvious one is that the language controls how most programmers think about their algorithms. For example, a language that is functional matches some algorithms better than one that is imperative. This means the programmer will make fewer mistakes, and the mistakes he or she makes will tend to be at the implementation level rather than the conceptual or design level; and mistakes at the implementation level will be much easier to fix.
What can be done about the problem of viruses, worms, and Trojan horses?
These programs run with the authority of the user who triggers them; worms also spread autonomously through the network and most often take advantage of vulnerabilities to enter a system and spread from it. So several things can ameliorate the situation:
1. Minimize the number of network services you run. In particular, if you don't need the service, disable it. This will stop the spread of many worms.
2. Don't run any attachments you receive in the mail unless you trust the person who sent them to you. Most viruses and many worms spread this way. In particular, some mailers (such as Outlook) can be set up to execute and/or unpack attachments automatically. This feature should be disabled.
3. The user should not be able to alter certain files, such as system programs and system configuration files. If the user must be able to alter them, confirmation should be required. This will limit the effect of most viruses to affecting the user rather than the system as a whole or other users on the system.
Many personal computer users do not update their systems with the latest operating system patches. Should computer manufacturers be given the ability (and the obligation) to keep up-to-date all of their customers' Internet-connected computers?
I question the wisdom of allowing vendors to update computers remotely. The problem is that vendors do not know the particular environment in which the computers function. The environment determines what "security" means. So a patch that improves security in one realm may weaken it in another.
As an example, suppose a company disallows any connections from the network except through a virtual private network (VPN). Its systems were designed to start all servers in a particular directory that contains all network servers. So to enforce this restriction, all network servers except the VPN are removed from the systems. This prevents the other servers from being started.
The system vendor discovers a security vulnerability in the email server and the login procedure. It fixes both and sends out a patch that includes a new login program and a new email server. The patch installs both and reboots the system so the new login program and email server will be used immediately. The problem here is that by installing the new email server (which improves security in most systems), the company's systems now are nonsecure, as they can be connected to via a port other than those used for the VPN (for example, the email port, port 25). The vendor's patch may therefore damage security. We saw this with Windows XP SP2. It patched many holes but also broke various third-party applications, some of them very important to their users.
So I believe vendors should be obligated to work with their customers to provide security patches and enhancements, but should not be given the ability to keep the systems up-to-date unless the customer asks for it. Vendors should also provide better configuration interfaces, and default configurations, that are easy to set up and change, as well as (free) support to help customers use them.
Do you expect personal computers a decade from now to be more secure than they are today?
In some ways yes, and in other ways no. I expect that they will provide more security services that can be configured to make the systems more secure in various environments (not all environments, though!). I also expect that the main problem for securing systems will be configuration, operation, and maintenance, though, and those problems will not be overcome in a decade, because they are primarily people problems and not technical problems.
What advice can you offer students who are seriously interested in creating secure software systems?
Focus on all aspects of the software system. Identify the specific requirements that the software system is to solve, develop a security policy that the software system is to meet (and that will meet the requirements), design and implement the software correctly, and consider the environment in which it will be used when you do all this. Also, make the software system as easy to install and configure as possible, and plan that the users will make errors. People aren't perfect, and any security that depends upon them doing everything correctly will ultimately fail.
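The interview's point about language-enforced bounds checking (Java refuses to index past the end of an array; C does not) can be made concrete in C itself. The following is an added illustration, not code from the interview, the question, or any project it mentions: a small buffer type that carries its own length so that every access is checked the way Java's runtime checks array accesses, returning an error instead of touching memory outside the array. The type and function names (`bounded_buf`, `bb_set`, `bb_get`, `bb_copy_in`) are assumptions chosen for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A buffer that carries its own length so every access can be checked.
 * Raw C performs no such check on data[i]; this wrapper supplies the
 * check that Java performs automatically on each array access.
 * (Hypothetical type for this example.) */
typedef struct {
    unsigned char *data;
    size_t len;
} bounded_buf;

/* Write one byte at index i.
 * Returns true on success; false (buffer untouched) if i is out of range,
 * which is exactly the case that would be a write overflow in raw C. */
bool bb_set(bounded_buf *b, size_t i, unsigned char v) {
    if (b == NULL || b->data == NULL || i >= b->len) {
        return false;
    }
    b->data[i] = v;
    return true;
}

/* Read one byte at index i into *out. Same contract as bb_set. */
bool bb_get(const bounded_buf *b, size_t i, unsigned char *out) {
    if (b == NULL || b->data == NULL || out == NULL || i >= b->len) {
        return false;
    }
    *out = b->data[i];
    return true;
}

/* Copy n bytes of src into the buffer. Refuses outright (no silent
 * truncation, no overflow) when n exceeds the buffer length.
 * Returns the number of bytes copied, or 0 when the copy was refused. */
size_t bb_copy_in(bounded_buf *b, const unsigned char *src, size_t n) {
    if (b == NULL || b->data == NULL || src == NULL || n > b->len) {
        return 0;
    }
    memcpy(b->data, src, n);
    return n;
}

/* Constructed demonstration: a 4-byte buffer, one in-range index and one
 * index just past the end. The second write is rejected rather than
 * corrupting whatever sits after the array. */
int demo(void) {
    unsigned char storage[4] = {0};
    bounded_buf b = { storage, sizeof storage };
    unsigned char v = 0;
    const unsigned char five[5] = {1, 2, 3, 4, 5};

    printf("set index 3: %s\n", bb_set(&b, 3, 0x41) ? "ok" : "rejected");
    printf("set index 4: %s\n", bb_set(&b, 4, 0x42) ? "ok" : "rejected");
    printf("get index 3: %s (0x%02x)\n",
           bb_get(&b, 3, &v) ? "ok" : "rejected", v);
    printf("copy 5 bytes into 4: %zu bytes copied\n", bb_copy_in(&b, five, 5));
    printf("copy 4 bytes into 4: %zu bytes copied\n", bb_copy_in(&b, five, 4));
    return 0;
}

int main(void) { return demo(); }
```

The design choice here is that the length travels with the pointer, so the caller cannot forget to pass it, and an out-of-range access is reported as an ordinary return value that the caller must handle, which is the same discipline that makes the Java behaviour the interview describes hard to bypass.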