DIRC PA6: Security and Privacy in Computer-Based Systems
Peter Ryan, School of Computing Science, University of Newcastle


GRID Security Edinburgh 6 December 2002 P Y A Ryan

DIRC
Dependability Interdisciplinary Research Collaboration.
6 year project, 5 institutions:
–Newcastle
–Edinburgh
–City, London
–York
–Lancaster

DIRC
Take account of the socio-technical as well as technical factors influencing dependability.
Computer scientists, psychologists, sociologists, ethnographers…
9 Project Activities, 6=Security.
5 themes: structure, diversity, timeliness, responsibility, risk.

PA6: Security
Security is an essential aspect of dependable, computer-based systems.
Many systems have top-level security requirements (e.g. medical informatics).
Others have to deal with security threats in order to dependably deliver their requirements (e.g. ATC).
Recognition of the vulnerability of critical infrastructures makes this work particularly timely.

Background
Hitherto, research in information assurance has tended to:
–concentrate on technical failures and counter-measures.
–aim for “Absolute” security and assume prevention mechanisms are enough.
–Security policies have mainly been about (binary) information flows, MLS, MAC etc.

DIRC/PA6 Approach
Recognise that:
–Most security failures are due to, or at least facilitated by, human failures.
–Security policies require a mix of technical and socio-technical enforcement mechanisms.
–Systems will have vulnerabilities and intrusions will occur. Hence need a mix of prevention, containment, detection and recovery.
–Need to deal with exceptions.
–Need richer classes of policies, e.g. privacy.
–Need to deal with evolving systems, requirements and threats.
–Need measures of system robustness in the face of malicious threats.

Objectives
1. Characterise security and privacy requirements in computer-based systems.
2. Characterise socio-technical threats and vulnerabilities.
3. Explore the theoretical and practical boundary between technical and socio-technical enforcement mechanisms.
4. Develop models, techniques and tools to support design and assessment w.r.t. security requirements and threats. Trade-offs.
5. Investigate the role of structure and diversity.
6. Understand the role of intrusion detection and diagnosis.

Objective 2
Characterise the behaviours and failure modes of humans interacting with the system:
–Users
–Security officers
–White hats, grey hats, hackers…
–Insiders
–Designers, implementers etc
Shaping factors (both sides):
–Motivation
–Competence
–Rewards/losses
–Complacency
–Least effort
–Stress
–Risk perception

Case studies
Healthcare records
E-government
Financial sector
NATS
Dynamic coalitions
Distributed scientific computations (GRID).

Healthcare case study
Need to address: Privacy (anonymity), Integrity, Availability, Accountability
–Conflicting interests of various stakeholders: Patients, Clinicians, Researchers, Society, Administrators, Insurance, Law-enforcement

GRID Security
Excellent DIRC case study:
Strongly interdisciplinary.
“Complex, dynamic, heterogeneous user base” (B Collins).
Also complex:
–Security requirements.
–Threat models
–Trust relationships
Is RBAC enough?
Legal and economic factors.

GRID Security
GRID is not a single well defined entity.
Many different projects with different requirements, approaches etc.

Further interdisciplinary aspects
Trust
Responsibility
Delegation
Legal aspects
Economic aspects
Exceptions
Evolving systems, requirements and threats.

FP6 ESORICS Security NoE
Facilitate and stimulate cooperation and cross-fertilisation between the principal security experts in Europe.
To address the security and privacy challenges facing e-Europe in the 21st century.
To help put Europe at the forefront of research in security and privacy.
Address issues raised in, for example, the ISTAG report: security for ambient spaces etc.

ESORICS
European Symposium On Research In Computer Security.
Premier European conference on security research.
European counterpart to IEEE Security and Privacy.
Gathers together many of the key European experts in security and privacy (and some non-EU).

Editorial Team
Peter Ryan, Newcastle UK
Yves Deswarte, LAAS Fr
Frederic Cuppens, ONERA Fr
Dieter Gollmann, MSR UK
Simon Foley, Cork Ir
Pierangela Samarati, Milan It
Elisa Bertino, Milan It
Bart Preneel, KU Leuven B
Fabio Martinelli, Milan It
Jean-Jacques Quisquater, UCL B
Katsikas Socrates, Aegean Gr
Steve Schneider, Royal Holloway UK
Refik Molva, Eurocom Fr

Structure
Foundations of Security and Trust
–Formal methods for security analysis, Security models and policies, Information flow (non-interference), Cryptography
Security Mechanisms
–Access control and authorization, Security protocol design and analysis, Secure Programming (languages, mobile code)
Security Architectures
–Secure architectures, Security of middleware, Secure systems and devices (smartcards)
Communications and Distributed System Security
–Secure Communications (mobile and fixed), Network Security (wireless and wireline), Intrusion Detection (forensics), Secure applications (e-business, e-vote, etc.)
Security Management
–Privacy and Identity Management, Trust (Management), DRM

Activities
Research
Travel and exchanges
Education, training. Studentships
Workshops
Standardisation
Dissemination, technology transfer…