What Could Possibly go Wrong?

Abstract

There are many more things with moving parts in the world than computers. These are the objects that are being connected, initially artefacts, but also the natural world. They are connected both by being sensed, and via actuators. For a true Internet of things to emerge with all its potential value for innovation in efficiencies, the sensors and actuators must actually be reachable from anywhere, anytime, just like computers on today's internet. And they must be locally and remotely programmable. Of course, there must be mechanisms to implement policies about access and use. However, these policies are complex, since they don't merely reflect informational rules, but also rules about the physical world - a car may be restricted to certain speeds in certain areas, but also to different speeds and areas at different times, due to the driver. Unfortunately, in the rush to instrument and control the world of things, the complexity of the world seems to have been forgotten. Worse, the typical system software being deployed in many places does not reflect the last few decades evolution of safety and security work that has gone in to the implementation of operating systems and protocols. All too often, we here another system uses an embedded OS with no isolation or a protocol stack with known vulnerabilities, or is shipped with default access control credentials to millions of customers. This is not good enough. In this talk, I will cover some of the work we've been doing in the Microsoft sponsored project in Cambridge and QMUL, on the technical and legal challenges that are now facing our community.