Professor Calls for New Approaches in Improving Cyber Security
Contact: Angie Chen
Ruby Lee, Ph.D., draws similarities between computer systems and human systems.
Photo by Bruce Gilbert
In an age when cyber attacks are growing more complex and severe, a computer science expert who spoke at Fordham advocated the development of four cutting-edge technologies to improve cyber security.
Ruby Lee, Ph.D., a professor of electrical engineering and computer science at Princeton, offered her suggestions on Aug. 3 at the International Conference on Cyber Security. They include:
• enabling trustworthy spaces. Because it is infinitely complex to secure entire systems from top to bottom, trustworthy spaces are sub-levels of cyberspace that are designed to protect systems’ most valuable information.
"Security is seen as a static castle with moats around it," Lee said. "With trustworthy spaces, even if the castle is torn down, data in the critical operations is secure and impenetrable inside of this bubble."
• using hardware trust anchors. These independent pieces of hardware provide secure access to systems. Some may even monitor systems and detect any illicit changes.
Lee pointed out a system in which hardware is split into several parts to ensure greater security. However, she added that such a model is not perfect. "It does not fully protect despite the split," she warned.
• creating moving targets—systems that change constantly to limit their vulnerability to attack, while increasing hackers' uncertainty, cost and risk.
"Today, once an attacker has penetrated one system, he or she can attack any number of systems in that same way," Lee said. "Tomorrow, we want every system to look different to an attacker."
One of her key ideas is to use randomization when designing systems, in conjunction with the moving targets. While using randomization alone for security is insecure, she said, it is more effective when applied with a more fully realized moving-target approach.
• promoting responsible corporate cyber security through economic incentives. Such incentives will create motivation to maintain up-to-date system security in the ever-changing environment of malware and attacks.
The problem, however, is that there are no reliable metrics for gauging the security of a system.
"Tomorrow’s systems must know that there will be system vulnerabilities even in the most heavily constructed systems," she said. "We need to constantly design strategies and map out tactics that can be resilient in this kind of environment."
In addition, Lee presented a design challenge: to improve cyber security without compromising performance, energy consumption, cost or usability.
In describing the wide scope of cyber security, she compared computer viruses to those in humans. Viruses are consistent and never completely eradicated, as they can lie dormant for a long time.
"There is never going to be a solution that once and for all solves the problem of security," Lee said. "So computers must be likened to the human body, which carries bacteria and viruses that do not prevent it from functioning productively and normally."