11 New Generation of Trusted Technologies Claire Vishik March 2014.


1 11 New Generation of Trusted Technologies Claire Vishik March 2014

2 Outline
- Connected environment
- Towards trust-based technologies with built in security & privacy
- Towards users with good understanding of technologies
- Global environment; research & practice

3 Ubiquitous connectivity
- Devices & appliances
- Services, infrastructure
- Areas:
  - Shopping, education, banking, electrical systems, consumer appliances, health, transportation
  - Organizations, etc.
Adapted from Ericsson

4 New Era for Computing
Source: Cisco Visual Networking Index
[Charts: average traffic per smartphone, per tablet and per laptop, in MB/month (* = forecast); mobile traffic today vs. 2015 mobile traffic. Figures on the slide: 3600 PB/month, 90 PB/month (~40x); 66% video, 40% video; 7M paid video subscribers, 700M paid video subscribers.]

5 New Usage Models
- Multiple uses for the same devices & process
- Identical uses for different processes
- Casual and formal environments merge
- Diverse business and economic models overlap
- Interaction increases in all environments
- Barriers to entry are reduced, but the environments and processes gain complexity
Source: Stanford (adapted)

6 New trust and security problems
Arising in (examples):
- Supply chain
- Industrial systems
- Internet of things
- Mobile devices
Arising through (examples):
- New usage models
- Economic developments
- Geopolitical issues

7 Threat Environment
- Threats are more sophisticated and professional
- Tools to perform security attacks are readily available and increasingly efficient
- The tools are increasingly adapted to the intended environments
- New threats from:
  - Social networking
  - Drive-by downloads
  - Mobile & CPS devices
  - Hardware and firmware attacks
  - Virtualization attacks
  - Power management tools
  - Home automation
- “We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises.” [3] (Tom Gillis, Vice President and General Manager, Cisco Security Products)
- Cybercrime is Funding Organized Crime: “Cybercrime has been so profitable for organized crime that the mob is using it to fund its other underground exploits. And U.S. law enforcement is reaching around the world to reel it in.” [2]

8 Example: Home Automation
- Kohno & Denning, 2013
- Technically savvy burglars could identify houses with expensive, easily resold items.
- Adversaries can also target technologies with new capabilities:
  - accessing video and audio
  - unlocking doors
  - disabling home security
  - tampering with healthcare
  - interfering with home appliances and utilities
- New approaches are needed to supplement available mechanisms

9 Outline
- Connected Environment
- Towards trust-based technologies with built in security & privacy
- Towards users with good understanding of technology
- Global environment, research & practice

10 Trust and Trust Evidence
- Research on improving trust anchors or point solutions seems no longer sufficient
  - Most processes today are cross-domain and dynamic, with devices and participants leaving and joining domains
  - Devices, networks, and applications are increasingly complex
- If all trust anchors were implemented successfully, the ecosystem still would not be secure
- We need mechanisms to produce, verify, transmit, share, and consume dynamic evidence of trust among the components of the ecosystem

11 Wang, Y. and Singh, M. P., 2010: Trust Definitions
- Trust is belief about future actions
  - Reflects the trusting party’s belief that the trusted party will support it
  - In computing, it affects decisions made by one or more participants, subject to two constraints:
    - Ability to predict each other’s behavior
    - It doesn’t work well in anonymous systems
- Current approaches emphasize identity
  - E.g., by presenting a certificate, with the assumption that the verification process is robust and valid
- Reputation based trust permits us to look at graduated trust values

12 Other Trust Definitions
- Ban Al-Ani, Erik Trainer, David Redmiles, Erik Simmons, 2012
  - Trust can be defined in terms of one party’s expectations of another, and the former’s willingness to be vulnerable based on those expectations.
- Jingwei Huang and Mark S. Fox, 2007
  - Trust is established in interaction between two entities and any one entity only has a finite number of direct trust relationships.
  - Some types of trust have to be transitive

13 What the developers need to know if they develop for every use case
- Intent of all other developers
- Legacy integration
- Software environment
- Future device architectures
- Economic & regulatory requirements
- Composite threat picture
- Usability & performance tradeoffs
- Current and potential use models
- Networking environments
- Incomplete list of issues…

14 Trust Indicators (Trust Evidence)
Broadly applicable indicators that provide evidence that a system, network, device or application is trustworthy and has preserved its integrity
- Examples include: results of certification or self-certification; data quality (for medical devices); risk parameters; development process; attestation results; device, network, and user identification; adherence to baselines
- Typically machine readable, ideally quantitative
- Quantitative models for trust are reputation based or based on statistics for deviations, e.g., Tian Liqin et al. 2006
- Could be communicated through trust language and trust protocols

15 Potential research topics
1. Broadly applicable trust indicators, trust language, intent semantics, and protocols that can use them
2. Dynamic discovery of trustworthy environments & related topics
3. Dynamic integrity and authenticity measurements
4. Risk-based flexible policy enforcement mechanisms
5. Hardware and software instrumentation for trust monitoring
6. Trust infrastructure
7. Cross domain trust
8. Economics of trust and economic incentives for implementers

16 Vision for future environment
Themes: Foundational security & privacy; Innovative threat models; Extensible framework and composite view
- Security & privacy become part of core functionality in hardware and software
- Designed-In-Security (DIS) process is formulated to be adapted to diverse use cases and short product lifecycles
- From secure elements to security & privacy view for complete systems and the ecosystem
- Deep understanding of mutual influence of components of ecosystem for all use cases
- Dynamic models for threats and mitigations that are cross-cutting and broadly applicable
- Deep understanding of societal factors

17 …and new generation of technology professionals
Themes: Multi-disciplinary background; Ability to adopt new work processes; Lifetime skill acquisition
- Understanding of technology and non-technical issues (law, economics, psychology, usability)
- Ability to formulate technology problems in context
- Background that forms a foundation for life-long learning
- Training and education methods that can quickly pinpoint and remedy gaps
- More flexible work processes that enable technologists to join and leave teams as needed while preserving accountability
- Ability to define and discover critical skills in the technical community in order to focus development and design processes

18 Outline
- Connected Environment
- Towards trust-based technologies with built-in security & privacy
- Towards users with good understanding of technologies
- Global Environment, Research & Practice

19 What the users need to know if they try to understand devices and applications
- Application & network ownership
- Data movements
- All software on their devices
- Security & privacy features of each device
- Regulatory requirements
- Information they share
- Optimal configuration for each device, application, activity
- Security models used
- Networking environments
- Incomplete list of issues…

20 New approaches to user awareness: vision
- Indicators are available to detect potential security & privacy impacts of electronic activities, especially in new contexts
- No specialized knowledge required to understand implications
- Consequences of activities are clear
- Key security & privacy features are enabled by default, configuration choices are clear and linked to usage
- Configuration choices address composite view of the platform and of using multiple devices
- Education systems provide solid technical background
- Education systems enable everyone to understand basic features and operations of ICT systems
- Mechanisms for updating knowledge and obtaining additional information are in place
- Foundational features enable security & privacy

21 Outline
- Connected Environment
- Towards trust-based technologies with built-in security and privacy
- Towards users with good understanding of technologies
- Global Environment, research & practice

22 Global Environment
ICT environments operate globally
- Cloud computing
- Distributed data
- International workforce
- R&D collaboration
- Diverse regulatory & legal framework
- Varied technology adoption models
- Different education systems
- Different lifestyles and living standards
- Convergent Networks
- Incomplete list of issues…

23 Practical and theoretical aspects of research
Perceived or real disconnect between “real life problems” and theoretical research caused by (a few examples):
- Differing tactical goals
- Increasing specialization of research
- Decreasing product development cycles
- Multidisciplinary nature of many hard problems
- Limited access to real life data and operational environments
- Lack of broadly applicable technology transfer approaches
Increased awareness (examples):
- Commercialization and transition to practice
- “Real life” conferences and workshops, e.g., real life cryptography
- Funded programs to support mechanisms for industry and academic collaboration
- Industrial advisory boards
- Private/public partnerships

24 Vision for future collaboration (sample ideas)
- Ability to pursue ecosystem-wide initiatives leading to broadly applicable solutions
- Ability to work on focused context-driven research
- Deep understanding of mutual influence of components of ecosystem for all use cases
- Ecosystem-wide and niche problems (end-to-end)
- Ability to realign as needed at different stages
- Ability to assess potential for adoption and innovation impact at early stage
- Ability to quickly build focused short and long term research partnerships
- Agile and responsive research teams
- Dynamic multi-disciplinary collaboration models
- Initiative and project re-alignment based on results and innovation in other areas
- New usage models and technologies considered simultaneously
- Flexible mechanisms for private-public collaboration

25 Thank you! Questions?

