Reaction: The internet security paradox

Prof. John McHugh (Dalhousie University)


ABSTRACT

Progress in internet security seems to be made only under extreme provocation. Despite widespread knowledge of widespread vulnerabilities, little seems to be done until a widespread outbreak of malicious activity. The Morris worm of 1988 should have been a wake-up call for the internet community as a whole, but its impact was limited. The fact that the same kinds of vulnerabilities exploited by the Morris worm are still rampant in code today should be a cause for lasting shame in the internet and software development communities; however, they are more likely to be accepted as inevitable today than they were then. In this talk, we will review some of the more interesting outbreaks and speculate on the culture of vulnerability that seems to permeate the community. One factor that seems to be implicated is an overreaction to early efforts to build "Fortress" systems. We may have abandoned all hope of security in the face of a lack of "perfect" security.

BIOGRAPHY

John McHugh is a professor and Canada Research Chair in Privacy and Security at Dalhousie University in Halifax, NS, where he also directs the Privacy and Security Laboratory. Before joining the faculty at Dalhousie, he was a senior member of the technical staff at the CERT Coordination Center, part of the Software Engineering Institute at Carnegie Mellon University, where he did research in survivability, network security, and intrusion detection. Dr. McHugh was also professor and chairman of the Computer Science Department at Portland State University in Portland, Oregon, where he held a Tektronix Professorship. He has been a member of the research faculty at the University of North Carolina and has taught at UNC and at Duke University. Dr. McHugh received his PhD degree in computer science from the University of Texas at Austin. He has an MS degree in computer science from the University of Maryland, and a BS degree in physics from Duke University.