A system without accurate and complete adversary definition cannot possibly be insecure. Without such definitions, (in)security cannot be measured, risks of use cannot be accurately quantified, and recovery from penetration events cannot have lasting value. Conversely, accurate and complete definitions can help deny the adversary any attack advantage over a system defender and, at least in principle, secure system operation can be achieved. In this talk, I argue that although the adversary’s attack advantage cannot be eliminated in large commodity software (i.e., for “giants”), it can be rendered ineffective for small software components with rather limited function and high-assurance layered security properties, which are isolated from giants; i.e., for “wimps.” However, isolation cannot guarantee wimps’ survival in competitive markets, since wimps trade basic system services to achieve small attack surfaces, diminish adversary capabilities, and weakened attack strategies. To survive, secure wimps must use services of, or compose with, insecure giants. This appears to be “paradoxical:” wimps can counter all adversary attacks, but only if they use adversary-vulnerable services from which they have to defend themselves.

In this talk I will illustrate the design of a practical system that supports wimp composition with giants, and extend the wimp-giant metaphor to security protocols in networks of humans and computers where compelling (e.g., free) services, possibly under the control of an adversary, are offered to unsuspecting users. These protocols produce value for participants who cooperate. However, they allow malicious participants to harm honest ones and corrupt their systems by employing deception and scams. Yet these protocols have safe states whereby a participant can establish (justified) beliefs in the adversary's (perhaps temporary) honesty. However, reasoning about such states requires techniques from other fields, such as behavioral economics, rather than traditional security and cryptography.

Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees from the University of California at Berkeley. He taught at the University of Maryland between 1976 and 2007, and is currently a Professor of Electrical and Computer Engineering at Carnegie Mellon University and co-Director of CyLab, the University’s laboratory for information security, privacy and dependability. Over the past forty years, his research interests ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. He was a consultant to Burroughs Corporation, IBM, Microsoft and SAP. Gligor was an editorial board member of several ACM and IEEE journals and the Editor in Chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award jointly given by NIST and NSA, the 2011 Outstanding Innovation Award of the ACM SIG on Security Audit and Control, and the 2013 Technical Achievement Award of the IEEE Computer Society.