Perfect software doesn’t have bugs, and therefore doesn’t have unexpected behaviors that lead to security vulnerabilities. If you only use perfect software, then you never need to patch, can never be exploited, and any security breaches are a result of your own operational errors. However, with the exception of a couple of fine applications from DJB, there are precious few programs that approach this level of software perfection, creating something of a supply problem for people who desire secure systems.
Therefore, we need a Plan B: some way to make our systems survive the inevitable software defects that come from using large-scale commodity software. This approach goes by many names: DARPA has called it “survivability”, the security market has called it “intrusion prevention”, and classical security research has called it “secure design” :)
By whatever name, defending systems against component vulnerabilities has been my life’s work in computer security. Here is a selection of papers from the last 10 years:
"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks". Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. Published in the proceedings of the 7th USENIX Security Symposium, January 1998, San Antonio, TX. PDF.
"Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade". Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. DARPA Information Survivability Conference and Expo (DISCEX), Hilton Head Island SC, January 2000. Also presented as an invited talk at SANS 2000, Orlando FL, March 2000. PDF.
"Linux Security Modules: General Security Support for the Linux Kernel". Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Presented at the 11th USENIX Security Symposium, San Francisco, CA, August 2002. PDF.
"Timing the Application of Security Patches for Optimal Uptime". Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack. Presented at the USENIX 16th Systems Administration Conference (LISA 2002), Philadelphia, PA, December 2002. Postscript. or ugly PDF.
"Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack". Crispin Cowan, Seth Arnold, Steve Beattie, Chris Wright, and John Viega. Presented at the DARPA DISCEX III Conference, Washington DC, April 22-24 2003. Paper and Talk.
"Survivability: Synergizing Security and Reliability". Crispin Cowan. Book chapter in "Advances in Computers", Marvin V. Zelkowitz editing, Academic Press, 2004. Buy "Advances in Computers" 60 here. Chapter here PDF.
Now I have joined Microsoft, beginning a new phase in my career. The focus of this blog will be about my experiences enhancing Microsoft Windows security. It will not be about “Windows from a Linux perspective”; however, comparisons with Linux are likely to come up from time to time. Posts will be irregular, going up when I feel I have something to say, rather than forcing one out every fortnight just because some arbitrary schedule says that I have to.
Finally, a shout out to some folks who helped make this possible. To Adam Shostack, a long time friend and collaborator. To Michael Howard, a long time friend and new collaborator. To Richard Johnson, a new friend. And to Bruce Payette, the PowerShell guy, who’s been a close friend for 25 years. They get the credit, or the blame :) for bringing me to Microsoft. Hang on, it’s about to get bumpy :)