Why is security difficult to achieve?

In this presentation we consider some of the issues that make security difficult to achieve in real life. We are interested in answering such questions as "Why is it the case that most products use secure cryptography and yet they are not secure at all?" or "Why do we hear of so many broken systems on the news every day?" and "What are some of the issues that should affect good security design?"

 

We start by analysing attack trends in today's networked environments and then move on to discuss  some common security pitfalls appearing in today's "secure" systems, including attacks against the user, security models, implementations, and so on. Finally, we conclude this presentation by talking about good designs, i.e. what should be some of the principles that should guide us in the development of a secure system?