dr Jan Joris Vereijken

Chief Security Architect, ING

http://www.ing.com/

Biography

Jan Joris Vereijken studied computer science at Leiden University (M.Sc., 1993) and Eindhoven University of Technology (Ph.D., 1997), focusing on formal languages, automata theory, concurrency, and algebraic protocol validation.

After leaving academia in order to pursue more practical endeavors, he was employed by Lucent Technologies’ Bell Labs as a software developer in their network systems division. In 2001, after the internet bubble burst, he found himself at ING, the Dutch banking conglomerate. In his current role there, he is Chief Security Architect, responsible for the security architecture in the 35-odd countries where ING has banking operations.

Dr. Vereijken lives in downtown Amsterdam, together with his wife Tieleke and three lovely cats.

Presentation: Would my mother get this right? Designing secure systems for normal people.

Ten years ago, security was simple: if you sprinkled your systems with enough crypto, virus scanners, and firewalls, you could create the correct size of castle for the type of jewels you were guarding. As more and more ordinary people (let us call them “normal people”) started using computers and the internet, security experts quickly discovered that security is to a large extent about getting normal people to behave sensibly. The essential question became “would my mother get this right?”

Picture your mother logging in to her on-line banking system. Does she know about Trojans? About challenge response? About DNS queries? No! By using no more than her common sense, she hopes to do her banking in a secure way. That is not an unreasonable expectation of hers.

Fraudsters understand very well how normal people think, and abuse this effectively. They will subtly manipulate their victims into doing things that look innocent to normal people, but are in effect dangerous. We, security experts, should draw inspiration from this: we should subtly manipulate normal people as well. Manipulate them into doing the right thing, the thing that is secure.

In this presentation, we will look at a large number of security mechanisms, and judge them by the simple question “Would my mother get this right?”. We will learn that there’s still a world to be gained in making systems more secure.