Introduction
This talk is by Dr. Fred Schneider.
Cybersecurity today is focused largely on defending against known attacks. We learn about the latest attack and find a patch to defend against it. Our defenses thus improve only after they have been successfully penetrated. This is a recipe to ensure some attackers succeed—not a recipe for achieving system trustworthiness. We must move beyond reacting to yesterday’s attacks and instead start building systems whose trustworthiness derives from first principles. Yet, today we lack such a science base for cybersecurity. That science of security would have to include attacks, defense mechanisms, and security properties; its laws would characterize how these relate. This talk will discuss examples of such laws and suggest avenues for future exploration.
Thoughts
Security is a difficult question for all systems. The philosophical aspect of security is also an important question that every scientist in this area wants to answer perfectly.
CIA (confidentiality, integrity, and availability) is the basic principle of security. It may be possible for scientists to design a law that defines security, which is the ultimate goal in this area. If this is done, every system can ensure its security by obeying this law.
