
Page 1: DIRC PA6: Security and Privacy in Computer-Based Systems Peter Ryan School of Computing Science University of Newcastle Peter.Ryan@ncl.ac.uk

DIRC PA6: Security and Privacy in Computer-Based Systems

Peter Ryan

School of Computing Science

University of Newcastle

Peter.Ryan@ncl.ac.uk


GRID Security Edinburgh 6 December 2002 P Y A Ryan

DIRC

Dependability Interdisciplinary Research Collaboration.

6 year project, 5 institutions:
– Newcastle
– Edinburgh
– City, London
– York
– Lancaster

www.dirc.org


DIRC

Take account of the socio-technical as well as technical factors influencing dependability.

Computer scientists, psychologists, sociologists, ethnographers…

9 Project Activities, of which PA6 is Security.

5 themes: structure, diversity, timeliness, responsibility, risk.


PA6: Security

Security is an essential aspect of dependable, computer-based systems.

Many systems have top-level security requirements (e.g. medical informatics).

Others have to deal with security threats in order to dependably deliver their requirements (e.g. ATC).

Recognition of the vulnerability of critical infrastructures makes this work particularly timely.


Background

Hitherto, research in information assurance has tended to:
– concentrate on technical failures and counter-measures.
– aim for “Absolute” security and assume prevention mechanisms are enough.
– Security policies have mainly been about (binary) information flows, MLS, MAC etc.


DIRC/PA6 Approach

Recognise that:

– Most security failures are due to, or at least facilitated by, human failures.

– Security policies require a mix of technical and socio-technical enforcement mechanisms.

– Systems will have vulnerabilities and intrusions will occur. Hence need a mix of prevention, containment, detection and recovery.

– Need to deal with exceptions.

– Need richer classes of policies, e.g. privacy.

– Need to deal with evolving systems, requirements and threats.

– Need measures of system robustness in the face of malicious threats.


Objectives

1. Characterise security and privacy requirements in computer-based systems.

2. Characterise socio-technical threats and vulnerabilities.

3. Explore the theoretical and practical boundary between technical and socio-technical enforcement mechanisms.

4. Develop models, techniques and tools to support design and assessment w.r.t. security requirements and threats. Trade-offs.

5. Investigate the role of structure and diversity.

6. Understand the role of intrusion detection and diagnosis.


Objective 2

Characterise the behaviours and failure modes of humans interacting with the system:
– Users
– Security officers
– White hats, grey hats, hackers…
– Insiders
– Designers, implementers etc

Shaping factors (both sides):
– Motivation
– Competence
– Rewards/losses
– Complacency
– Least effort
– Stress
– Risk perception


Case studies

– Healthcare records
– E-government
– Financial sector
– NATS
– Dynamic coalitions
– Distributed scientific computations (GRID).


Healthcare case study

Need to address:
• Privacy (anonymity)
• Integrity
• Availability
• Accountability

– Conflicting interests of various stakeholders:
• Patients
• Clinicians
• Researchers
• Society
• Administrators
• Insurance
• Law-enforcement


GRID Security

Excellent DIRC case study:

Strongly interdisciplinary.

“Complex, dynamic, heterogeneous user base” (B Collins).

Also complex:
– Security requirements.
– Threat models
– Trust relationships

Is RBAC enough?

Legal and economic factors.


GRID Security

GRID is not a single well defined entity.

Many different projects with different requirements, approaches etc.


Further interdisciplinary aspects

– Trust
– Responsibility
– Delegation
– Legal aspects
– Economic aspects
– Exceptions
– Evolving systems, requirements and threats.


FP6 ESORICS Security NoE

Facilitate and stimulate cooperation and cross-fertilisation between the principal security experts in Europe.

To address the security and privacy challenges facing e-Europe in the 21st century.

To help put Europe at the forefront of research in security and privacy.

Address issues raised in, for example, the ISTAG report: security for ambient spaces etc.


ESORICS

European Symposium On Research In Computer Security.

Premier European conference on security research.

European counterpart to IEEE Security and Privacy.

Gathers together many of the key European experts in security and privacy (and some non-EU).


Editorial Team

• Peter Ryan, Newcastle UK

• Yves Deswarte, LAAS Fr

• Frederic Cuppens, ONERA Fr

• Dieter Gollmann, MSR UK

• Simon Foley, Cork Ir

• Pierangela Samarati, Milan It

• Elisa Bertino, Milan It

• Bart Preneel, KU Leuven B

• Fabio Martinelli, Milan It

• Jean-Jacques Quisquater, UCL B

• Katsikas Socrates, Aegean Gr

• Steve Schneider, Royal Holloway UK

• Refik Molva, Eurecom Fr


Structure

Foundations of Security and Trust

– Formal methods for security analysis, Security models and policies, Information flow (non-interference), Cryptography

Security Mechanisms

– Access control and authorization, Security protocol design and analysis, Secure Programming (languages, mobile code)

Security Architectures

– Secure architectures, Security of middleware, Secure systems and devices (smartcards)

Communications and Distributed System Security

– Secure Communications (mobile and fixed), Network Security (wireless and wireline), Intrusion Detection (forensics), Secure applications (e-business, e-vote, etc.)

Security Management

– Privacy and Identity Management, Trust (Management), DRM


Activities

– Research
– Travel and exchanges
– Education, training.
– Studentships
– Workshops
– Standardisation
– Dissemination, technology transfer….