Printer Friendly

The complexity of computer security.

The complexity of computer security

"To a good approximation, every computer in the world is connected to every other computer -- with few exceptions," says Robert Morris, chief scientist at the National Security Agency. That level of sharing brings with it both great benefits and serious problems. Computer users can share information, resources and processing power. However, using the same links, they can destroy or alter a rival's data, eavesdrop on private communications or pass on insidious computer programs capable of proliferating like viruses, overwhelming networks and taking over computer operations.

Morris was on a panel of computer security experts appearing this week before the Computer Science and Technology Board at the National Academy of Sciences in Washington, D.C. The board is interested in initiating a study addressing computer security issues, especially those affecting the creation of a national computer network for research (SN: 6/18/88, p.394).

Most commercial computer systems -- from linked personal computers in an office to nationwide data networks--have weak controls on access and poor protection against accidental errors and intentional misuse, says Peter G. Neumann, a computer security specialist at SRI International in Menlo Park, Calif. Often, such system limitations and vulnerabilities are poorly understood.

"And the stakes are increasing dramatically," Neumann says. For instance, in December 1987, a seemingly innocuous Christmas message originating in West Germany spread into a network of IBM machines in the United States. The message sent copies of itself to everyone on any "infected" computer's mail distribution list, rapidly clogging and shutting down the network.

There's more to computer security than keeping out intruders, stopping computer viruses or averting misuse by insiders, several panel members insisted. It also means ensuring that computer systems work reliably, predictably and accurately.

The real problem is complexity, Morris says. Computer scientists have a hard time understanding and analyzing computer programs more than a few thousand lines long. When complicated software is combined with intricate electronic machines, elaborate communications systems and the quirks of users, a typical computer system represents an exceedingly high level of complexity. Such systems can fail in many different and unexpected ways.

"Simply put, modern-day, complex mechanisms do not work properly," Morris says. "We have to learn to cope with complexity."

Computer scientists now have techniques for proving mathematically that certain computer programs and microprocessor designs are correct. But that method is effective only for short programs and fails to address more general security concerns. Still missing are techniques for understanding what happens when tested and verified components are put together into a system. Without this kind of fundamental understanding, no one can guarantee that a given computer system will handle data correctly and safely.

"Any weak link allows someone to abuse the system," Neumann says. "It's dangerous to try to look for simple answers."
COPYRIGHT 1988 Science Service, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1988, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Author:Peterson, Ivars
Publication:Science News
Date:Sep 24, 1988
Previous Article:Tailored toxin targets HIV-laden cells.
Next Article:Discovery; TDRS and other plans.

Related Articles
A new computer security law.
Probing a computer productivity paradox.
Complex questions: the new science of spontaneous order.
What Internet teachnology makes best sense for today?
An army of one? In the war on terrorism, alliances aren't an obstacle to victory. They're the key to it.
The Info Mesa: Science, Business, and New Age Alchemy on the Santa Fe Plateau.
America's virtual empire: U.S. soldiers are great warriors, but unwilling imperial guards. If we want to secure our interests, we must draw on other...
New Journals from Elsevier & Elsevier Science.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters