Are the Real Limits to Scale a Matter of Science, or Engineering, or of Something Else? (Abstract only)

Ross Anderson

doi:10.1109/CSF.2016.41

Are the Real Limits to Scale a Matter of Science, or Engineering, or of Something Else? (Abstract only)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Summary form only given. As people get excited about the latest idea for "Big Data" and the "Internet of Things", computer people often shake our heads and say "It won't scale." Pessimism isn't always justified: we have been able to scale up quite a number of tasks, from connectivity through search to social media. But other applications are recalcitrant, from energy management to medical records. The conventional computer-science view is that scaling systems is about computational complexity; about whether the storage or communications required for a task grows more than linearly in the number of users. Over the past thirty years we've developed a pretty good theory of that, but we're learning that it's nowhere near enough. In this talk I present a complementary view, based on over thirty years' experience of security engineering, that the real limits to scale are usually elsewhere. Even where the data are manageable and the algorithms straightforward, things can fail because of the scaling properties of the social context, the economic model or the regulatory environment. This makes some automation projects much harder than they seem. When it comes to safety and privacy many of the attacks that are easy to do in the lab are rare in the wild, as they don't scale either. But others surprise us; no-one in the intelligence community anticipated a leak on the Snowden scale. In short, scaling is now a problem not of computer science but of systems engineering, economics, governance and much else. Conceiving problems too narrowly makes failure likely, while good engineering will require ever more awareness of context. The implications for research, education and policy bear some thought.

Original language	English
Title of host publication	2016 IEEE 29th Computer Security Foundations Symposium (CSF)
Pages	16-16
Number of pages	1
ISBN (Electronic)	978-1-5090-2607-4
DOIs	https://doi.org/10.1109/CSF.2016.41
Publication status	Published - 1 Jun 2016
Event	29th IEEE Computer Security Foundations Symposium 2016 - Lisbon, Portugal Duration: 27 Jun 2016 → 1 Jul 2016 Conference number: 29 http://csf2016.tecnico.ulisboa.pt/index.html

Publication series

Name	2016 IEEE 29th Computer Security Foundations Symposium (CSF)
Publisher	IEEE
ISSN (Electronic)	2374-8303

Conference

Conference	29th IEEE Computer Security Foundations Symposium 2016
Abbreviated title	CSF 2016
Country/Territory	Portugal
City	Lisbon
Period	27/06/16 → 1/07/16
Internet address	http://csf2016.tecnico.ulisboa.pt/index.html

Access to Document

10.1109/CSF.2016.41Licence: All Rights Reserved

https://ieeexplore.ieee.org/document/7536363Licence: All Rights Reserved

Cite this

@inproceedings{e4428983608c4a86b2152c22408558b7,

title = "Are the Real Limits to Scale a Matter of Science, or Engineering, or of Something Else? (Abstract only)",

abstract = "Summary form only given. As people get excited about the latest idea for {"}Big Data{"} and the {"}Internet of Things{"}, computer people often shake our heads and say {"}It won't scale.{"} Pessimism isn't always justified: we have been able to scale up quite a number of tasks, from connectivity through search to social media. But other applications are recalcitrant, from energy management to medical records. The conventional computer-science view is that scaling systems is about computational complexity; about whether the storage or communications required for a task grows more than linearly in the number of users. Over the past thirty years we've developed a pretty good theory of that, but we're learning that it's nowhere near enough. In this talk I present a complementary view, based on over thirty years' experience of security engineering, that the real limits to scale are usually elsewhere. Even where the data are manageable and the algorithms straightforward, things can fail because of the scaling properties of the social context, the economic model or the regulatory environment. This makes some automation projects much harder than they seem. When it comes to safety and privacy many of the attacks that are easy to do in the lab are rare in the wild, as they don't scale either. But others surprise us; no-one in the intelligence community anticipated a leak on the Snowden scale. In short, scaling is now a problem not of computer science but of systems engineering, economics, governance and much else. Conceiving problems too narrowly makes failure likely, while good engineering will require ever more awareness of context. The implications for research, education and policy bear some thought.",

author = "Ross Anderson",

year = "2016",

month = jun,

day = "1",

doi = "10.1109/CSF.2016.41",

language = "English",

isbn = "978-1-5090-2608-1",

series = "2016 IEEE 29th Computer Security Foundations Symposium (CSF)",

publisher = "IEEE",

pages = "16--16",

booktitle = "2016 IEEE 29th Computer Security Foundations Symposium (CSF)",

note = "29th IEEE Computer Security Foundations Symposium 2016, CSF 2016 ; Conference date: 27-06-2016 Through 01-07-2016",

url = "http://csf2016.tecnico.ulisboa.pt/index.html",

}

Anderson, R 2016, Are the Real Limits to Scale a Matter of Science, or Engineering, or of Something Else? (Abstract only). in 2016 IEEE 29th Computer Security Foundations Symposium (CSF). 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pp. 16-16, 29th IEEE Computer Security Foundations Symposium 2016, Lisbon, Portugal, 27/06/16. https://doi.org/10.1109/CSF.2016.41

TY - GEN

T1 - Are the Real Limits to Scale a Matter of Science, or Engineering, or of Something Else? (Abstract only)

AU - Anderson, Ross

N1 - Conference code: 29

PY - 2016/6/1

Y1 - 2016/6/1

N2 - Summary form only given. As people get excited about the latest idea for "Big Data" and the "Internet of Things", computer people often shake our heads and say "It won't scale." Pessimism isn't always justified: we have been able to scale up quite a number of tasks, from connectivity through search to social media. But other applications are recalcitrant, from energy management to medical records. The conventional computer-science view is that scaling systems is about computational complexity; about whether the storage or communications required for a task grows more than linearly in the number of users. Over the past thirty years we've developed a pretty good theory of that, but we're learning that it's nowhere near enough. In this talk I present a complementary view, based on over thirty years' experience of security engineering, that the real limits to scale are usually elsewhere. Even where the data are manageable and the algorithms straightforward, things can fail because of the scaling properties of the social context, the economic model or the regulatory environment. This makes some automation projects much harder than they seem. When it comes to safety and privacy many of the attacks that are easy to do in the lab are rare in the wild, as they don't scale either. But others surprise us; no-one in the intelligence community anticipated a leak on the Snowden scale. In short, scaling is now a problem not of computer science but of systems engineering, economics, governance and much else. Conceiving problems too narrowly makes failure likely, while good engineering will require ever more awareness of context. The implications for research, education and policy bear some thought.

AB - Summary form only given. As people get excited about the latest idea for "Big Data" and the "Internet of Things", computer people often shake our heads and say "It won't scale." Pessimism isn't always justified: we have been able to scale up quite a number of tasks, from connectivity through search to social media. But other applications are recalcitrant, from energy management to medical records. The conventional computer-science view is that scaling systems is about computational complexity; about whether the storage or communications required for a task grows more than linearly in the number of users. Over the past thirty years we've developed a pretty good theory of that, but we're learning that it's nowhere near enough. In this talk I present a complementary view, based on over thirty years' experience of security engineering, that the real limits to scale are usually elsewhere. Even where the data are manageable and the algorithms straightforward, things can fail because of the scaling properties of the social context, the economic model or the regulatory environment. This makes some automation projects much harder than they seem. When it comes to safety and privacy many of the attacks that are easy to do in the lab are rare in the wild, as they don't scale either. But others surprise us; no-one in the intelligence community anticipated a leak on the Snowden scale. In short, scaling is now a problem not of computer science but of systems engineering, economics, governance and much else. Conceiving problems too narrowly makes failure likely, while good engineering will require ever more awareness of context. The implications for research, education and policy bear some thought.

U2 - 10.1109/CSF.2016.41

DO - 10.1109/CSF.2016.41

M3 - Conference contribution

SN - 978-1-5090-2608-1

T3 - 2016 IEEE 29th Computer Security Foundations Symposium (CSF)

SP - 16

EP - 16

BT - 2016 IEEE 29th Computer Security Foundations Symposium (CSF)

T2 - 29th IEEE Computer Security Foundations Symposium 2016

Y2 - 27 June 2016 through 1 July 2016

ER -

Are the Real Limits to Scale a Matter of Science, or Engineering, or of Something Else? (Abstract only)

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this