Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security and Privacy A vision for inter-disciplinary research in Information Security Andrew Martin (with Ashiyan Rahmani-Shirazi) Oxford University.

Published byJillian Rasband Modified over 10 years ago

Similar presentations

Presentation on theme: "Information Security and Privacy A vision for inter-disciplinary research in Information Security Andrew Martin (with Ashiyan Rahmani-Shirazi) Oxford University."— Presentation transcript:

1 Information Security and Privacy A vision for inter-disciplinary research in Information Security Andrew Martin (with Ashiyan Rahmani-Shirazi) Oxford University Computing Laboratory ISPP seminar series 17th January 2011

2 The information age needs information security almost everything of value has a digital existence today – whether it solely exists in the digital domain or merely casts a shadow, or something in between – whether that value is in monetary terms or something less tradable, such as privacy that fact is plainly not lost on those with criminal intent – of course, it is the value which attracts them – and some items with value may be subject to collateral damage

3 Whose problem is this? technologists? cryptographers? lawyers? educators? economists? politicians? regulators? business leaders? the military? social scientists? psychologists?

4 Example 1 credit: Paul England, Microsoft Most of our computer operating systems are designed around an administrator this person is given all power; full control we assume that – the administrator is wise – the administrator is good – the administrator is knowledgeable http://www.boerner.net/jboerner/wp-content/uploads/2009/10/1955tradic.gif

5 Example 1 One of these is todays administrator this person is given all power; full control we assume that – the administrator is wise – the administrator is good – the administrator is knowledgeable

6 Example 1 One or more of these is todays administrator this person is given all power; full control we assume that – the administrator is wise – the administrator is good – the administrator is knowledgeable

7 Example 1 These violated assumptions can be remedied in many ways – make the unwise liable – explicitly tie liability to control – education, education, education – reducing the extent of their full control None is completely satisfactory

8 Example 2

9 Example 3

10 Example 4 Interdisciplinary perspectives on IT Security With particular reference to perspectives on International Relations & Human Rights Ashiyan Rahmani-Shirazi

11 DDOS on Human Rights NGOs 'Distributed Denial of Service (DDoS) is an increasingly common Internet phenomenon capable of silencing Internet speech, usually for a brief interval but occasionally for longer. In this paper, we explore the specific phenomenon of DDoS attacks on independent media and human rights organizations, seeking to understand the nature and frequency of these attacks, their efficacy, and the responses available to sites under attack. Our report offers advice to independent media and human rights sites likely to be targeted by DDoS but comes to the uncomfortable conclusion that there is no easy solution to these attacks for many of these sites, particularly for attacks that exhaust network bandwidth.' Berkman Center for Internet & Society report, "Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites" by Ethan Zuckerman et al., December 20th 2010.

12 IT Security & IR - sample attack SQL injection attack carried out on the UN website homepage in August 2007

13 Social Media & Political Change Twitter and Iran (WashingtonPost) – The US State Department asked Twitter to delay scheduled maintenance in June to avoid disrupting communications among tech-savvy Iranian citizens – Cyberactivism also harmful - a lot of calls for Twitter users to participate in cyber-attacks on pro-government Web sites in Iran.

14 China, Power & the Net. China and Google (www.arstechnica.com) Facebook and Twitter are blocked for their ability to organize groups with anti-government intentions Leading Chinese video sites Youku.com and Tudou.com actively monitor submissions and delete those that they consider inappropriate or in violation of Chinese law. Chinese government attack on pro-Tibetan NGO's Attack on NGO critical of Chinese policy in Darfur Five DDOS attacks on Chinese human rights activist websites in January 2010

15 Threat Analysis Insider attacks - including recent Wikileaks attacks on US Government. Organisational Facebook policy/Twitter policy? 'Enemy' Governmental attacks e.g. Human rights NGO's intrusion by Human Rights abuser states. 'Home' Governmental attacks e.g. US government monitoring. Internal threats Competing organisations. Hackers/Profiteering/Wackos.

16 Some existing IT security multidisciplinary research & NGOs Electronic Frontier Foundation - www.eff.orgwww.eff.org Tactical Technology Collective - www.tacticaltech.orgwww.tacticaltech.org Frontline - www.frontlinedefenders.orgwww.frontlinedefenders.org Harvard Berkman Centre - cyber.law.harvard.edu

17 MSC Thesis - 'A study of and best practices for IT security for the Baha'i International Community - United Nations Office' Abstract For many small organizations operating in a sensitive political, religious, or social context, information security is a critical concern. This dissertation reports upon a study of the current IT security framework of the offices of a non-governmental organization (NGO): the Baha'i International Community United Nations Office (BICUNO), based in New York and Geneva. The study makes use of questionnaires and interviews to determine the current practices and requirements of staff (IT and general), in terms of security related activities. An analysis of current practices, looking at strengths and weaknesses, is performed in the context of the current literature, including the ISO 27002 standard, on security practices. A number of recommendations are presented, in the form of "best security practices", for adoption in this and similar settings.

18 Thank You! Ashiyan Rahmani-Shirazi MA Kellogg College, Oxford MSC (candidate) - Software Engineering email: a_rahmani@hotmail.com + Wheat Atlas Intern, www.cimmyt.org Business Development Manager (p/t), www.ascertica.com

19 The Story so Far Issues in security (a.k.a. risk management) give rise to questions in – cryptography, networking, systems engineering, – law, ethics, criminology, psychology, education – business, management, economics, politics All but the simplest questions cross boundaries among these – Security economics is a well-established discipline – Likewise usability in security, perhaps to a lesser extent with work on psychological acceptability etc. – Technologists sometimes talk to regulators Trusted Computing is a good example – Others study ICT policy in its own right –...

20 Security Ecosystem Representative examples; Trademarks belong to their respective owners ISO27000

21 So we have a multi-billion dollar security industry – much of it geared towards yesterdays threats points of contact with academic research are numerous, but patchy robust methodologies for tough questions are missing should staff be allowed to connect smartphones and tablets to my infrastructure? should staff be allowed to store corporate data on their own smartphones and tablets? should staff be allowed to connect smartphones and tablets to my infrastructure? should staff be allowed to store corporate data on their own smartphones and tablets?

22 CSI Computer Crime and Security Survey, 2008

23 Disruptive Technology smart metering personalized medicine electronic healthcare records e- Government social networking smartphones and tablets IPTV connected home internet of things multi-purpose sensor networks road pricing everything- as-a-service Large scale; heterogeneous Inherent complexity Mostly rather unlike the personal computer we have known until now Immense value to society Big investment by individuals Unexpectedly becoming critical infrastructure Almost total de- materialization of the boundary Many interested parties; many administrators

24 Role of the University joined-up thinking – without an axe to grind, maybe questions everyone wants answered trusted third party skill sets related to those found in business/government – together with those that are not! testbed – large, complex, dynamic network with great experimental subjects :) technologists? cryptographers? lawyers? educators? economists? politicians? regulators? business leaders? the military? social scientists? psychologists?

25 Vision for an institute permanent centre to study these ideas needs lasting links to existing disciplines where do CIOs go to school? – where do they get their CPD? where are the stimulating sources of ideas? where do they go for non-partisan advice?

26 Menu of activities Masters in business and information security Pure academic research at this nexus Boundary-crossing research, and applied research (DTC, EngD) Contract research Open-ended research Public understanding Leadership professional secondments strengthening the Universitys own security

27 Conclusion 1. the challenge of information security will continue to grow as our digital economy grows 2. no single discipline can meet that challenge alone 3. a university – in general, and this one in particular – is well-placed to make the right connections

28 COMPUTING LABORATORY SOFTWARE ENGINEERING PROGRAMME SOFTWARE AND SYSTEMS SECURITY Andrew Martin, MA, DPhil, MBCS, CEng, CITP Deputy Director, Software Engineering Programme Wolfson Building, Parks Road, Oxford OX1 3QD, UK. +44 (0) 1865 283605 Andrew.Martin@comlab.ox.ac.uk www.softeng.ox.ac.uk/andrew.martin COMPUTING LABORATORY SOFTWARE ENGINEERING PROGRAMME SOFTWARE AND SYSTEMS SECURITY Andrew Martin, MA, DPhil, MBCS, CEng, CITP Deputy Director, Software Engineering Programme Wolfson Building, Parks Road, Oxford OX1 3QD, UK. +44 (0) 1865 283605 Andrew.Martin@comlab.ox.ac.uk www.softeng.ox.ac.uk/andrew.martin 28

Download ppt "Information Security and Privacy A vision for inter-disciplinary research in Information Security Andrew Martin (with Ashiyan Rahmani-Shirazi) Oxford University."

Similar presentations

EU Presidency Conference Effective policies for the development of competencies of youth in Europe Warsaw, 16-18 November 2011 Improving basic skills in.

EU Presidency Conference Effective policies for the development of competencies of youth in Europe Warsaw, November 2011 Improving basic skills in.
ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Look What I Did! Student Conduct, Online Communities, and You Derek Smith & Jessica Tittermary Delaware Valley College MACUHO Annual Conference October.

Look What I Did! Student Conduct, Online Communities, and You Derek Smith & Jessica Tittermary Delaware Valley College MACUHO Annual Conference October.
Why should my organisation move to Internet Explorer 9? An upgrade guide for IT professionals.

Why should my organisation move to Internet Explorer 9? An upgrade guide for IT professionals.
INDIANAUNIVERSITYINDIANAUNIVERSITY GENI Global Environment for Network Innovation James Williams Director – International Networking Director – Operational.

INDIANAUNIVERSITYINDIANAUNIVERSITY GENI Global Environment for Network Innovation James Williams Director – International Networking Director – Operational.
The Messy World of Grey Literature in Cyber Security 8 th Grey Literature Conference 4-5 December 2006 New Orleans, Louisiana Patricia Erwin – I3P Senior.

The Messy World of Grey Literature in Cyber Security 8 th Grey Literature Conference 4-5 December 2006 New Orleans, Louisiana Patricia Erwin – I3P Senior.
Developing an inclusive information society Research and policy approaches ESDIS meeting, Brussels 13 January 2003 Dr. Susan ODonnell Itech Research -

Developing an inclusive information society Research and policy approaches ESDIS meeting, Brussels 13 January 2003 Dr. Susan ODonnell Itech Research -
Developing European Library Services in Changing Times Dr Paul Ayris Director of UCL Library Services and UCL Copyright Officer President of LIBER (Association.

Developing European Library Services in Changing Times Dr Paul Ayris Director of UCL Library Services and UCL Copyright Officer President of LIBER (Association.
From e-Government to e-Governance: The OECD Experience Elizabeth Muller E-Government Project OECD SitExpo2004 18-21 February 1004, Casablanca - Morocco.

From e-Government to e-Governance: The OECD Experience Elizabeth Muller E-Government Project OECD SitExpo February 1004, Casablanca - Morocco.
1 Fortinet Confidential 1 T I T R E Fortinet 2013 Global Survey.

1 Fortinet Confidential 1 T I T R E Fortinet 2013 Global Survey.
ESCALATE December 1 st 2008 Professional Development for Higher Education: Mapping the territory. Dr Liz Beaty, Director Strategic Academic Practice and.

ESCALATE December 1 st 2008 Professional Development for Higher Education: Mapping the territory. Dr Liz Beaty, Director Strategic Academic Practice and.
Digital Citizenship at West Dalhousie School 2010/12.

Digital Citizenship at West Dalhousie School 2010/12.
Research Administration Capacity Building in an Established Institution Presenter: M.M.Aboud, MD Director of Research and Publications, MUHAS.

Research Administration Capacity Building in an Established Institution Presenter: M.M.Aboud, MD Director of Research and Publications, MUHAS.
Natalie Ceeney July 2008 CIO/CEO challenges – the UK perspective.

Natalie Ceeney July 2008 CIO/CEO challenges – the UK perspective.
The impact of the UK Freedom of Information Act on records management Dr Elizabeth Shepherd Department of Information Studies, University College London.

The impact of the UK Freedom of Information Act on records management Dr Elizabeth Shepherd Department of Information Studies, University College London.
Near East Plant Protection Network for Regional Cooperation & Knowledge Sharing Food and Agriculture Organization of the United Nations An Overview on.

Near East Plant Protection Network for Regional Cooperation & Knowledge Sharing Food and Agriculture Organization of the United Nations An Overview on.
Summary of theme 1 CHALLENGES Uta Wehn de Montalvo 30 May 2013.

Summary of theme 1 CHALLENGES Uta Wehn de Montalvo 30 May 2013.
Identity & Security. Today's IT Security challenges Rising Internal Attacks 75% of companies report insiders responsible for breaches Growing headcount.

Identity & Security. Today's IT Security challenges Rising Internal Attacks 75% of companies report insiders responsible for breaches Growing headcount.
Social Media is fun... We’ll show you how!. Terri Flagg Social Media Director, United States Power Squadrons Roy H. Park Masters.

Social Media is fun... We’ll show you how!. Terri Flagg Social Media Director, United States Power Squadrons Roy H. Park Masters.
13th Fiesole Collection Development Retreat, St Petersburg, 11-13 May 2011 (Primary) Data: The New Special Collections for Research Libraries? Wouter Schallier.

13th Fiesole Collection Development Retreat, St Petersburg, May 2011 (Primary) Data: The New Special Collections for Research Libraries? Wouter Schallier.

Similar presentations

Ads by Google