Tuesday, July 3, 2012

Retroactive Security

The second invited talk at the CSF conference was given by Butler Lampson of Microsoft Research.
The talk offered an interesting point of view: retroactive security, as opposed to the pursuit of perfect security, which tries to prevent every possible malicious attack in advance.

The audience listened with a fair degree of astonishment!

Butler's main point was that fifty years of security based mainly on access control has been a failure. He therefore proposes to learn from real life and apply retroactive security: "burglars are not scared of locks but of punishments", he remarked. In real life, the financial system is 'secure' mainly because almost any transaction can be undone and intruders are likely to go to jail.

In Butler's opinion, the role of access control should be much more coarse-grained, while authentication and auditing are very much needed. To those who asked how to handle particular critical scenarios, Butler replied that retroactive security will not be perfect, but it will lead to a better situation than the one we have now.
