Unleash the Power of XML and Meta-Data
Part of the problem of securing business online is that the risk is often invisible. In the physical world, visual clues exist to help us discern who's a legitimate merchant and who's a crook. We know which neighbourhoods to go to and which ones to avoid.
Several people suggest using XML and meta-data to tag Web sites with safety, reputation, past performance and other security ratings to act as signposts for dangerous cyberneighbourhoods. A virtual Better Business Bureau could manage the data so that when users visit a Web site, their computers pull down the XML meta-data about that site. The data might tell the browser to go ahead and load the page because this really is a bank's Web site, their reputation is good, and they use strong encryption and have appropriate privacy policies. At bad sites, the browser would simply deny the page load, thereby preventing a phishing scam or some spyware from being installed on the user's system.
Setting up that independent managing body to not only create the meta-data criteria but to manage it, too, would be a huge job. But it would protect us from our blindness to online warning signs in profound ways.
Dictate What Software Shouldn't Do
Specs rule the development process. They dictate what a new software application should do, yet they rarely include what an application shouldn't do - like run code by itself or allow anonymous access or allow the destruction of data because of bugs. What if, from now on, all specs documents were required to include anti-requirements, such as a laundry list of common features, potential unintended consequences and bugs that the application must actively prevent from occurring before the product ships?
Start a Virtual Big Dig
In Boston in the late 90s, the main highway through town was rebuilt as a tunnel while the old road remained open. Engineers compared it to open heart surgery on a patient going about his business. It was called The Big Dig.
It disrupted commuters some, took too long to complete, cost far too much, and the new tunnel leaks a bit. Still, as a feat of engineering, it mostly worked. One of the most radical and ambitious Big Ideas is to build a new, secure Internet parallel to the old one and, over time, move everyone over to the new network. A virtual Big Dig, perhaps part of our Manhattan Project.
Let's be clear: Internet2 is probably not this parallel network. Vint Cerf notes that the point of Internet2 - which is an advanced network for the research community that can classify traffic and do other cool things the Internet can't - is to become the sandbox for researchers that the Internet originally was, before it was consumed by the commercial sector.
Cerf himself has mixed feelings about a new parallel network being developed. "Boy, it's hard to tell how that would work," he says. "We're seeing things like overlays - protocols and procedures that overlay the existing Internet and do networking in ways different than the Internet does it. Hey, the Internet itself was an overlay of ARPAnet." Gregg Mastoras, a senior security analyst at antivirus vendor Sophos, suggests that we could bifurcate networks so that there's a public network (like today's) and then a business network, for which you would have to register and agree to rules in order to be licensed to use.
There's no question new public networks would be monumental undertakings. Wolf at the NSA, for example, is part of the Global Information Grid (GIG) project - essentially the US DoD's effort to build a secure network for all of defence and intelligence to share. He gets to build security into this network from the beginning, exactly what would have to happen for a new secure Internet to be built. Version 1 of Wolf's Information Assurance plan for GIG was 3600 pages and included requirements for 117 technologies in various stages of development.
But if an alternative secure network could be built, it would create a tectonic shift in security and tip the vulnerability scale in favour of the good guys. Even if it leaked a little.
Make Computers Disposable
James Whittaker, author of How to Break Software and co-author of How to Break Software Security, proposes that everyone should have two computers - one permanent and one disposable. We should note that Whittaker doesn't mean the box is disposable, but rather the information in that second system is fungible. Think of cash transactions. Short of a receipt, when they're over, they're over. In some ways, that's a security feature.
"It would likely be two processors in one box," Whittaker explains. "The main processor is your PC, where you do all your work up to the point of transaction. The second computer would stay blank until you were ready to make your transaction. It would handle the transaction and then, once you were done, flash back to its blank state."
Whittaker takes this further and suggests that, like phone cards, people could buy Internet transaction cards with disposable authentication so that they're not putting credit card numbers online, and no one at the other end is storing them either. "Sure, there are tremendous programming and architecture challenges here, but I think that would be fun."
Vint Cerf, so-called father of the Internet and acknowledged big thinker, echoed Whittaker's idea when talking about the need for a certificate infrastructure on the Internet. "The problem has always been, certificate revocation is a [pain]," Cerf says. "Some people are now saying instead of dealing with revocation of credentials at all, you simply throw out the certificate once it's used. And every time you have to validate, you do it again."
The cost, of course, is time and convenience to the person who has to reauthenticate for every transaction. Then again, that's better than having your identity stolen. Disposable transactions would redefine the Internet and completely upset the balance of power online, where hackers have feasted on insecure transactions chiselled forever in digital stone.