An Airbag for the Operating System – A Pipedream? - Prof. Dr. Norbert Pohlmann

An Airbag for the Operating System – A Pipedream?


M. Linnemann, N. Pohlmann:,
“An Airbag for the Operating System – A Pipedream?”,
ENISA Quarterly Vol. 3,
No. 3,
July-Sept 2007

We have all become accustomed to fastening our seatbelt in the car, moving the seat to the right position and adjusting the mirrors correctly, but the most important safety features are the small technical refinements installed in the car: the anti-lock braking system (ABS), ESP and the airbags. As soon as the situation becomes dangerous these safety systems are activated and protect us against serious damage or injury. Why are there no such safety mechanisms for computer operating systems which we also use on a
daily basis?

IT Safety versus Safety in the Car
There are many security tools which help us to detect and protect ourselves against harmful software. However, virus scanners and firewalls have to be properly configured and maintained. They do not therefore offer automated security. While it is rare for motorists to be attacked directly or intentionally put into dangerous situations, repeated attacks in the IT
world on all computer systems that are connected to the Internet are an everyday occurrence. Currently it takes an average of approximately six minutes until an unprotected computer system is infested with malware.
Developments in the IT field occur several times faster than in the automobile industry, for example. The complexity of established operating systems is increasing continually in order to meet the rising demands of the information and knowledge society. However, the proneness to errors also increases disproportionately with this complexity. This fact is underlined daily by the large number of patches and safety updates.
It is always easy to recognize one’s own car by its colour, make, shape and number plate, with the key being the ultimate means of authentication of the driver with respect to the vehicle. In the IT world we use passwords or security tokens for our authentication with respect to a computer system, but a computer system does not provide any authentication of itself with
respect to us.
By the same analogy, we are not able to determine whether we are sitting in the right car and whether the car will also brake when we press the brake pedal.

kostenlos downloaden
An Airbag for the Operating System – A Pipedream? Prof. Dr. Norbert Pohlmann - Cyber-Sicherheitsexperten