Seminar

Beyond “Zero Trust” in Commodity Software Systems

DISI Seminar 2024
7 June 2024
Start time: 11:00 am
Polo Ferrari 1 - Via Sommarive 5, Povo (Trento)
Room A224
Organizer: Department of Information Engineering and Computer Science
Target audience: University community, UniTrento students
Attendance: Free
Contact person: prof. Bruno Crispo
Speaker: Virgil D. Gligor, Carnegie Mellon University (USA)

Abstract 

We review the basic notions of trust, trust minimization, zero trust, and trust establishment. We show that zero trust is impossible in any enterprise network and has meaning only as an unreachable limit of trust establishment. Then what is a zero-trust architecture (ZTA)? We present the key characteristics of ZTAs and show that they have low breach-prevention value and that their goal of limiting the effects of security breaches (i.e., “lateral” adversary movement) is often unachieved.
In view of these observations, we are asking how to increase breach-prevention value and further decrease breach-recovery costs for rational defenders (e.g., enterprises) that have already employed ZTAs and advanced AI/ML tools. We introduce the notion of selective high assurance for commodity software and show that it is economically justified for producers and necessary for rational defenders. We address the challenge of finding an economic value of selective high assurance and illustrate an example of how to do it in practice. 

About the speaker

Virgil D. Gligor is a Professor at Carnegie Mellon University. His research interests have ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. He was an associate editor of several ACM and IEEE journals and the editor in chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award jointly given by NIST and NSA, the 2011 Outstanding Innovation Award of ACM SIGSAC, and the 2013 Technical Achievement Award of IEEE Computer Society. He was inducted into the National Cyber Security Hall of Fame in 2019.