Past Event! Note: this event has already taken place.

RADS Seminar: Designing Secure Software, Applying Security Controls Intelligently, and Ensuring Sound Security Metrics

November 25, 2022 at 10:30 AM to 11:30 AM

Location: Online via Zoom
Audience: Anyone
Key Contact: RADS Director
Contact Email: majumdar@sce.carleton.ca

George Yee will be giving an online seminar titled “Designing Secure Software, Applying Security Controls Intelligently, and Ensuring Sound Security Metrics.”

Seminar Abstract:

In this talk, I will give an overview of results from my three main areas of security research, namely, designing secure software, applying security controls intelligently, and ensuring sound security metrics.

To design secure software, I propose methods for reducing the attack surface of a software system. The methods are applied to a data flow diagram of the system at an early stage in development. The attack surface is demonstrably reduced, resulting in a more secure system.

Security controls are often applied haphazardly, without considering their reliability, the priority of vulnerabilities, or a security control’s effect on the overall security posture of the organization. I describe a model that links the reliability of the security controls to the overall security level of the organization. I then combine this model with a method to prioritize vulnerabilities, using this combination to apply security controls more intelligently.

Finally, security metrics may be badly formulated, resulting in false conclusions regarding security. I describe three conditions that a security metric must satisfy in order to be sound. The conditions may be used to test security metrics for soundness or to construct security metrics that are sound.