Security is broken: the past, present and future

Our computer security model is broken. Worse yet, it never really has worked at all well, and is even less suitable for today’s uses.

This talk explores the history behind the design of the current security both in hardware and operating systems. Instead of evolving a more secure model over time, system designers have actually managed to make things worse, creating insecurity in depth. Most of today’s systems are single user machines: certainly desktops and laptops, but also most servers. The current security model was not designed to protect users from themselves, and this goes a long way towards understanding why security is so difficult. It ends by looking at strategies for improving security – but no real solutions. The point is to start thinking outside of the box, while adopting best practices today. What we have done in the past has not worked, and can not work. We need to look at the security model in a new way, and that is the real point of this presentation.