2011-04-20 CERIAS - Semantic Security: or How I Learned to Stop Worrying and Looooooove the...
CERIAS Security Seminar at Purdue University
"Semantic Security: or How I Learned to Stop Worrying and Looooooove the..."
Jose Fernandez, Montreal Polytechnic
My late friend Robert Garigue, a pioneer of Information Warfare and one of the most original and visionary corporate Chief Information Security Officers, first described the notion of a "semantic attack" as the eventual non plus ultra in the hacking arsenal. Semantic attacks do not target directly the information-carrying or information-bearing portions of a system, but rather those components of the system that give it meaning and value; i.e. the semantic components that help us, among other things, establish and maintain truth and trust. When Garigue first coined the phrase "Hack not system, hack the belief system" many of us misinterpreted this as a cry for addressing the non-electronic non-technological "soft" components of the system, i.e. humans and their decision making cycles. In fact, social engineering, phishing attacks and other forms of internet-based cons are in some sense instances of such cyber-mediated attacks on the "meat computers" we have in our brains. However, reality is fast catching up with Science Fiction, and our decision making whether as citizens in a democracy, consumers, military leaders, politicians, businessmen and even intellectuals, is increasingly depending on Internet-based sources and systems. Our increased use and reliance on search engines, social networks, blogospheres, wikis and other non-traditional media, for our daily decision making has made it such that an increased portion of the semantic system is computer-based. How are we to define, evaluate or measure the security of these new cybernetic semantic components? Join me on a highly speculative tour of "Semantic Security" (tm), a new subfield of Computer Security, ripe with lots of low-hanging, easily solvable research problems. Believe me!!
Dr. Fernandez became an assistant professor in the Department of Computer & Software Engineering at the École Polytechnique de Montréal in 2004, at which time he forsook all previous research attempts in Quantum Computing, Computational Complexity and Cryptography (he was just not that good at it). He now heads the laboratory for Information Security Research (Lab SecSI, in French), where his current research interests include malware analysis, botnet command and control, denial of service attacks, intrusion detection, security product testing methodologies, security and integration of logical and physical access control systems, semantic security and theory of cyber conflict. He holds bachelor's degrees in Math and in Computer Engineering from MIT, a Master's from the University of Toronto, and a Ph.D. from Université de Montréal. (Visit: www.cerias.purude.edu)