ABSTRACT
Progress in internet security seems to be made only under extreme provocation.
Despite widespread knowledge of widespread vulnerabilities, little seems to be
done until a widespread outbreak of malicious activity. The Morris worm of 1988
should have been a wakeup call for the internet community as a whole, but its
impact was limited. The fact that the same kinds of vulnerabilities exploited
by the Morris worm are still rampant in code today should be a cause for lasting
shame in the internet and software development communities; however, they are
more likely to be accepted as inevitable today than they were then. In this
talk, we will review some of the more interesting outbreaks and speculate on the
culture of vulnerability that seems to permeate the community. One factor that
seems to be implicated is an overreaction to early efforts to build "Fortress"
systems. We may have abandoned all hope of security in the face of a lack of
"perfect" security.
BIOGRAPHY
John McHugh is a professor and Canada Research Chair in Privacy and Security at
Dalhousie University in Halifax, NS where he also directs the Privacy and
Security Laboratory. Before joining the faculty at Dalhousie, he was a senior
member of the technical staff at the CERT Coordination Center, part of the
Software Engineering Institute at Carnegie Mellon University where he did
research in survivability, network security, and intrusion detection. Dr.
McHugh was also professor and chairman of the Computer Science Department at
Portland State University in Portland, Oregon where he held a Tektronix
Professorship. He has been a member of the research faculty at the University
of North Carolina and has taught at UNC and at Duke University. Dr. McHugh
received his PhD degree in computer science from the University of Texas at
Austin. He has an MS degree in computer science from the University of Maryland,
and a BS degree in physics from Duke University.