"Semantic Security: or How I Learned to Stop Worrying and Looooooove the Internet"
Jose Fernandez - Montreal Polytechnic
Apr 20, 2011
Abstract
My late friend Robert Garigue, a pioneer of Information Warfare and one of the most original and visionary corporate Chief Information Security Officers, first described the notion of a "semantic attack" as the eventual non plus ultra in the hacking arsenal. Semantic attacks do not target directly the information-carrying or information-bearing portions of a system, but rather those components of the system that give it meaning and value; i.e. the semantic components that help us, among other things, establish and maintain truth and trust. When Garigue first coined the phrase "Hack not system, hack the belief system" many of us misinterpreted this as a cry for addressing the non-electronic, non-technological "soft" components of the system, i.e. humans and their decision-making cycles. In fact, social engineering, phishing attacks and other forms of internet-based cons are in some sense instances of such cyber-mediated attacks on the "meat computers" we have in our brains. However, reality is fast catching up with Science Fiction, and our decision making, whether as citizens in a democracy, consumers, military leaders, politicians, businessmen and even intellectuals, is increasingly depending on Internet-based sources and systems. Our increased use of and reliance on search engines, social networks, blogospheres, wikis and other non-traditional media for our daily decision making has made it such that an increased portion of the semantic system is computer-based. How are we to define, evaluate or measure the security of these new cybernetic semantic components? Join me on a highly speculative tour of "Semantic Security" (tm), a new subfield of Computer Security, ripe with lots of low-hanging, easily solvable research problems. Believe me!!
About the Speaker
Dr. Fernandez became an assistant professor in the Department of Computer & Software Engineering at the École Polytechnique de Montréal in 2004, at which time he forsook all previous research attempts in Quantum Computing, Computational Complexity and Cryptography (he was just not that good at it). He now heads the laboratory for Information Security Research (Lab SecSI, in French), where his current research interests include malware analysis, botnet command and control, denial of service attacks, intrusion detection, security product testing methodologies, security and integration of logical and physical access control systems, semantic security and theory of cyber conflict. He holds bachelor's degrees in Math and in Computer Engineering from MIT, a Master's from University of Toronto, and a Ph.D. from Université de Montréal.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website are the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.