The art of computer security
Mine Altunay views computer security as an artform.
Programs evolve and hacker tricks change, making tests for security quickly out-dated. She has to anticipate the future.
“It isn’t very technical, more like art,” said Altunay, who came to Fermilab from North Carolina State University. “If you ask someone how secure their computer is, they can’t say with a 100 percent degree of confidence.”
Altunay’s way of thinking outside the box and her friendly nature serve her well as part of Fermilab’s computer security team and head of Open Science Grid’s cyber security, which focuses on networking and grid security.
“Technology and the attacks change so quickly that it is hard to keep up,” Altunay said. “If we were writing guidelines, they would be obsolete by the time we were done with them.”
For Fermilab, Altunay works to understand the laboratory’s infrastructure, particularly how it serves wide-spread collaborations. As OSG cyber security head, Altunay works as part of a DOE-sponsored initiative to figure out the best way to protect the grid.
In both roles, Altunay aims to protect the computer system, but OSG security requires a unique approach.
“On individual computers, it is easy to maintain security. You know who is using it. But on the Grid, you have no control, you don’t know if the patches are applied,” Altunay said.
To outsmart the hackers, Altunay is melding risk management with traditional security tactics.
She and colleagues at other DOE laboratories work to understand vulnerabilities in open science collaborations involving labs. They study how an attack would affect the machines and try to come up with a mathematical model of risk management and containment of attacks.
“We’re working to see if we can turn the more art-based scenario into a scientific one,” she said.
Computer security involves making sure that all computers have the necessary patches and upgrades, constantly checking for vulnerable areas and anticipating an attacker’s next move. Although no system can be completely protected, understanding and quantifying the risk and the security are very important goals. “Once we can understand what we have in our hands, then we can work against the attacks,” said Altunay.
-- Rhianna Wisniewski