Mate Soos has been working both in industry as an IT security expert, and in research, working on formal methods. In industry, he has worked from low-level chip reverse engineering, staring through the microscope at a microprobed chip, through GPGPU-based cipher reversing, all the way to designing the cloud security of large firms. Within the scope of his research, he has been working on SAT and SMT solving, model counting, and uniform sampling. The two aspects of his work have sometimes coincided, e.g. when breaking the Mifare cipher using a specially-designed SAT solver, or when using SMT solvers to prove correctness of digital contracts. Lately, he's been interested in safety engineering, bringing notions from the extensive safety literature to the IT security world.
In IT security we have been preoccupied with failures, with things that go wrong, and so we count the negatives -- the times when we failed. How about we seriously started counting the positives? More importantly, what if by adding more and more constraints to avoid the holes we have found, we are also removing the positive capacities in the system, thereby hurting our chance of success more than we hurt our chance of failure? In this talk, I will try to highlight how IT security could be done differently, by trying to focus on what goes right, rather than only focusing on what goes wrong, learning from our successes, and reinforcing them, so when next time the storm comes, we will have enough positive slack in the system to withstand the attack.