Fordham Notes: Princeton Professor Champions Secure Hardware at ICCS

Thursday, August 8, 2013

Princeton Professor Champions Secure Hardware at ICCS

Ruby B. Lee, Ph.D. 
Even though security for computers has gone to the forefront of conversations from boardrooms to halls of congress, little has been done to the hardware to prevent infiltration, said Ruby B. Lee, Ph.D., the Forrest G. Hamrick Professor of Electrical Engineering and Computer Science at Princeton University.

"Computers are the engines of the information age, but security was never part of the basic computer design," said Lee.

Speaking at the final day of ICCS2013, Lee said that the drive behind designing computer architecture was to lower cost and increase performance. As a result, the response to computer threats has been to slap protection software on top of other software, as opposed to building security into the hardware of the machines.

Lee added that cloud computing and smartphones have only complicated an already-complex problem. As users access cloud-based programs, can the programs be trusted to not send out sensitive information? When users download new apps, they're frequently asked to provide access to an address book or GPS. Can those third-party developers who often write code for the apps be trusted? Today, Lee said, the hardware is not designed to protect from such challenges.

This inability to trust operating systems could be mitigated through data safety incorporated into the machine. Encrypted data packages could allow coordinated users to share data, but seal it from hackers. Only data-safe machines with authorized users would be able to communicate the information. Of course, with only data-safe machines being able to communicate, the users' base would be very limited. To make it commercially viable, Lee said, consumers need to press hardware vendors to build security into the foundation of their products.

On the cloud level, Lee envisioned enhanced data protection via "secure enclaves." But as it stands now, the risks remain high.

"It could be that you'd be running your machine on the same server as a hostile user," said Lee. "We must make the cloud as secure as your own dedicated facility."
-Tom Stoelker

No comments: