IT Forum 2004: Microsoft states formula for trustworthy computing
By Alun Williams, Copenhagen
Posted on 16 Nov 2004 at 17:01
TwC = SD³ + c. This is the formula for Trustworthy Computing (TwC) that was restated by Scott Charney in his keynote at IT Forum 2004.
Charney is the head of Microsoft's Trustworthy Computing Initiative and he was outlining 'the guiding principles of trustworthy computing in a dangerous world'. The SD³, for those of you who are wondering, stands for security by design, by default and by deployment, and Charney extended the principle to other pillars of the company's much-publicised initiative, such as Privacy, Reliability and Business Integrity. The '+ c', by the way, stands for 'and communication'.
Tracing the development of cyber crime and security threats from an early Unix worm to phishing attacks by organised criminals, he emphasised the sluggishness of markets to recognise the importance of tackling security. It was 11 September 2001 - and the effect of cascading failures once one network fails - that has motivated governments and commerce to take this field more seriously.
He noted that 'time to exploit' is decreasing for known flaws: 390 days passed before Nimda exploited a known flaw, whereas Woody Worm exploited a known vulnerability within 48 hours. He described the Internet as 'a great medium for committing crime', given its relative anonymity and lack of traceability.
To tackle security 'by design' he cited the need for better awareness of how to develop secure code, and for strategies such as the 'doctrine of least privilege': granting processes only the privileges they need in order to run. Security by default relates more straightforwardly to not enabling all features for all users, since this is not even necessary, let alone desirable. Finally, in terms of deployment and communication, he claimed Microsoft was now better at giving prescriptive guidance and supplying better management (and patch management) tools.
Covering the subject of privacy, he stated that security and privacy 'may be synergistic or antagonistic', quoting the example of security checks being invasive with regard to people's actions on a network: knowledge of who did what, and when, is important for security but may impinge on privacy.
'What constitutes an "invasion of privacy" may be unclear and may be dependent on local laws and customs,' he maintained. 'There is not a clear, fact-dependent definition.'
Furthermore, the value of information lies in the use we put it to: it cannot just sit in static storage; it has to be accessed and analysed. The implication was clear: privacy will inevitably be secondary to security. As an example of how a compromise could be reached, he pointed to databases such as SQL Server: the more granular the division of data, the greater the possibility of elements of the data remaining private, since all of the data need not be accessed for the sake of one part of it.
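The least-privilege and granular-data points above can be made concrete in SQL Server itself. The following is an added T-SQL example written for this page, not code from the keynote or from Microsoft; the table, column, role and user names are assumptions, and the rows are constructed sample data. It grants a reporting role access to only the columns it needs, so the sensitive columns stay private even though they sit in the same table.

```sql
-- Added example (not from the keynote or Microsoft): column-level least privilege
-- in SQL Server (T-SQL). Table, role and user names are assumptions.
CREATE TABLE dbo.Customers (
    CustomerId   INT IDENTITY PRIMARY KEY,
    FullName     NVARCHAR(100) NOT NULL,
    Email        NVARCHAR(200) NOT NULL,
    DateOfBirth  DATE          NOT NULL,   -- sensitive: not needed for reporting
    NationalId   CHAR(11)      NULL        -- sensitive: not needed for reporting
);

-- Constructed sample rows.
INSERT INTO dbo.Customers (FullName, Email, DateOfBirth, NationalId)
VALUES (N'Ada Example', N'ada@example.invalid', '1970-01-01', '000-00-0000'),
       (N'Bob Example', N'bob@example.invalid', '1980-02-02', NULL);

-- A role for a reporting job that only needs contact details.
CREATE ROLE report_reader;

-- Least privilege: grant SELECT on exactly the columns the job needs.
-- Nothing is granted on DateOfBirth or NationalId, so the default is "no access".
GRANT SELECT (FullName, Email) ON dbo.Customers TO report_reader;

-- A database user without a server login, used only to test the permission set.
CREATE USER report_user WITHOUT LOGIN;
ALTER ROLE report_reader ADD MEMBER report_user;

-- Verify by impersonating the reporting user.
EXECUTE AS USER = 'report_user';

-- Succeeds: only the granted columns are read.
SELECT FullName, Email FROM dbo.Customers;

-- The next two statements fail with "The SELECT permission was denied on the
-- column ..." because the role was never granted the sensitive columns.
-- SELECT DateOfBirth FROM dbo.Customers;
-- SELECT * FROM dbo.Customers;

-- Show the effective permissions the impersonated user actually holds.
SELECT entity_name, subentity_name, permission_name
FROM fn_my_permissions('dbo.Customers', 'OBJECT');

REVERT;
```

The check at the end is the part worth keeping in a review process: `fn_my_permissions` run under `EXECUTE AS USER` lists, per column, what the role can really do, so a reviewer can confirm that a grant has not quietly widened beyond the columns the job was approved to read.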
Recent 'privacy enabling' technologies introduced by Microsoft that he listed included anonymous Windows Error Reporting, greater respect for privacy in Windows Media Player 9 (and 10) for not communicating user profiles, and the increased spam blocking efforts of Outlook 2003 (unwanted emails compromise our privacy).
As for reliability, again he stated that there cannot be one single definition and that it would vary group by group. In the case of computing, he described the state of computing as 'machines built by geeks for geeks that can, by design, run any code'. This made for a very inter-connected and vulnerable industry: 'the computing ecosystem,' he declared, 'is a "system of systems"'.