
DIRC PA6: Security and Privacy in Computer-Based Systems Peter Ryan School of Computing Science University of Newcastle


1 DIRC PA6: Security and Privacy in Computer-Based Systems Peter Ryan School of Computing Science University of Newcastle Peter.Ryan@ncl.ac.uk

2 GRID Security Edinburgh 6 December 2002 P Y A Ryan
DIRC
Dependability Interdisciplinary Research Collaboration.
6 year project, 5 institutions:
–Newcastle
–Edinburgh
–City, London
–York
–Lancaster
www.dirc.org

3 DIRC
Take account of the socio-technical as well as technical factors influencing dependability.
Computer scientists, psychologists, sociologists, ethnographers…
9 Project Activities, 6=Security.
5 themes: structure, diversity, timeliness, responsibility, risk.

4 PA6: Security
Security is an essential aspect of dependable, computer-based systems.
Many systems have top-level security requirements (e.g. medical informatics).
Others have to deal with security threats in order to dependably deliver their requirements (e.g. ATC).
Recognition of the vulnerability of critical infrastructures makes this work particularly timely.

5 Background
Hitherto, research in information assurance has tended to:
–concentrate on technical failures and counter-measures.
–aim for “Absolute” security and assume prevention mechanisms are enough.
–Security policies have mainly been about (binary) information flows, MLS, MAC etc.

6 DIRC/PA6 Approach
Recognise that:
–Most security failures are due to, or at least facilitated by, human failures.
–Security policies require a mix of technical and socio-technical enforcement mechanisms.
–Systems will have vulnerabilities and intrusions will occur. Hence need a mix of prevention, containment, detection and recovery.
–Need to deal with exceptions.
–Need richer classes of policies, e.g. privacy.
–Need to deal with evolving systems, requirements and threats.
–Need measures of system robustness in the face of malicious threats.

7 Objectives
1. Characterise security and privacy requirements in computer-based systems.
2. Characterise socio-technical threats and vulnerabilities.
3. Explore the theoretical and practical boundary between technical and socio-technical enforcement mechanisms.
4. Develop models, techniques and tools to support design and assessment w.r.t. security requirements and threats. Trade-offs.
5. Investigate the role of structure and diversity.
6. Understand the role of intrusion detection and diagnosis.

8 Objective 2
Characterise the behaviours and failure modes of humans interacting with the system:
–Users
–Security officers
–White hats, grey hats, hackers…
–Insiders
–Designers, implementers etc
Shaping factors (both sides):
–Motivation
–Competence
–Rewards/losses
–Complacency
–Least effort
–Stress
–Risk perception

9 Case studies
Healthcare records
E-government
Financial sector
NATS
Dynamic coalitions
Distributed scientific computations (GRID).

10 Healthcare case study
Need to address:
Privacy (anonymity)
Integrity
Availability
Accountability
–Conflicting interests of various stakeholders:
Patients
Clinicians
Researchers
Society
Administrators
Insurance
Law-enforcement

11 GRID Security
Excellent DIRC case study:
Strongly interdisciplinary.
“Complex, dynamic, heterogeneous user base” (B Collins).
Also complex:
–Security requirements.
–Threat models
–Trust relationships
Is RBAC enough?
Legal and economic factors.

12 GRID Security
GRID is not a single well defined entity.
Many different projects with different requirements, approaches etc.

13 Further interdisciplinary aspects
Trust
Responsibility
Delegation
Legal aspects
Economic aspects
Exceptions
Evolving systems, requirements and threats.

14 FP6 ESORICS Security NoE
Facilitate and stimulate cooperation and cross-fertilisation between the principal security experts in Europe.
To address the security and privacy challenges facing e-Europe in the 21st century.
To help put Europe at the forefront of research in security and privacy.
Address issues raised in, for example, the ISTAG report: security for ambient spaces etc.

15 ESORICS
European Symposium On Research In Computer Security.
Premier European conference on security research.
European counterpart to IEEE Security and Privacy.
Gathers together many of the key European experts in security and privacy (and some non-EU).

16 Editorial Team
Peter Ryan, Newcastle UK
Yves Deswarte, LAAS Fr
Frederic Cuppens, ONERA Fr
Dieter Gollmann, MSR UK
Simon Foley, Cork Ir
Pierangela Samarati, Milan It
Elisa Bertino, Milan It
Bart Preneel, KU Leuven B
Fabio Martinelli, Milan It
Jean-Jacques Quisquater, UCL B
Katsikas Socrates, Aegean Gr
Steve Schneider, Royal Holloway UK
Refik Molva, Eurocom Fr

17 Structure
Foundations of Security and Trust
–Formal methods for security analysis, Security models and policies, Information flow (non-interference), Cryptography
Security Mechanisms
–Access control and authorization, Security protocol design and analysis, Secure Programming (languages, mobile code)
Security Architectures
–Secure architectures, Security of middleware, Secure systems and devices (smartcards)
Communications and Distributed System Security
–Secure Communications (mobile and fixed), Network Security (wireless and wireline), Intrusion Detection (forensics), Secure applications (e-business, e-vote, etc.)
Security Management
–Privacy and Identity Management, Trust (Management), DRM

18 Activities
Research
Travel and exchanges
Education, training.
Studentships
Workshops
Standardisation
Dissemination, technology transfer….

