A bodyguard of lies: the use of honey objects in information security

Decoy objects, often labeled in computer security with the term honey, are a powerful tool for compromise detection and mitigation. There has been little exploration of overarching theories or set of principles or properties, however. This short paper (and accompanying keynote talk) briefly explore two properties of honey systems, indistinguishability and secrecy. The aim is to illuminate a broad design space that might encompass a wide array of areas in information security, including access control, the main topic of this symposium. Dr. Ari Juels is a roving chief scientist specializing in computer security. He was Chief Scientist of RSA (The Security Division of EMC), Director of RSA Laboratories, and a Distinguished Engineer at EMC, where he worked until September 2013. He joined RSA in 1996 after receiving his Ph.D. in computer science from U.C. Berkeley. His recent areas of interest include "big data" security analytics, cybersecurity, cloud security, user authentication, privacy, medical-device security, biometric security, and RFID / NFC security. As an industry scientist, Dr. Juels has helped incubate innovative new product features and products and advised on the science behind security-industry strategy. He is also a frequent public speaker, and has published highly cited scientific papers on many topics in computer security. In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35. Computerworld honored him in its "40 Under 40" list of young industry leaders in 2007. He has received other distinctions, but sadly no recent ones acknowledging his youth.