Emerging Research Dimensions in IT Security
Dr. Salar H. [email protected]
Senior Member IEEE
Research Fellow, CoreGRID Network of Excellence
European Research Consortium for Informatics and Mathematics
Research Context
Evolution of Computing Paradigm
• Static Cooperation
  – Electronic Data Interchange (EDI)
• Dynamic Cooperation
  – Internet
• Dynamic Collaboration
  – Peer-to-Peer (P2P), Web Services (WS)
• Dynamic Resource Sharing
  – Computational Grid
[Figure: EDI between a customer's computer and a vendor's computer, exchanging orders, payments, invoices, price notices and updates]
New Challenges
• Very large scales
  – millions of entities
• Dynamic
  – entities join, leave, move, change behavior
• Heterogeneous
  – capability, connectivity, reliability, guarantees, QoS
• Unreliable
  – components, communication
• Lack of common/complete knowledge
  – number, type, location, availability, connectivity, protocols, semantics, etc.
Security – Challenges
• Computational Grids
  – Interoperability, Trust, Usability, Robustness/Resilience, Delegation, Bootstrapping, Mobility
• Clusters
  – Integration of different security solutions, automated security management
• Peer-to-Peer Systems
  – Setting up uniform security policy, Trust management, storage of authentication tokens and user identities
• Pervasive/Ubiquitous Computing
  – Privacy, Scalability, Heterogeneity, Integration, Invisibility
• Mobile Computing
  – Dependability, Disconnections, Context and State Management
New IT Security Research Dimensions
Classical Planes
Physical
Logical
Novel Planes
Quantum
Physical
Logical
Virtual
Virtualization
• The secure interoperability between VOs demands interoperable solutions using heterogeneous systems.
• Virtualization permits each participating end-point to express the policy it wishes to see applied when engaging in a secure conversation with another end-point.
• Policies can specify supported authentication mechanisms, required integrity and confidentiality, trust policies, privacy policies, and other security constraints.
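The policy matching described in the bullets above, sketched as an added example (not code from the original slides or from any project they mention). The class, function, mechanism and issuer names and the three-level "unsupported / supported / required" scale are assumptions made for illustration; the negotiation fails closed when the two end-points cannot agree.

```python
from dataclasses import dataclass

class PolicyMismatch(Exception):
    """Raised when two end-point policies cannot be reconciled."""

@dataclass(frozen=True)
class EndpointPolicy:
    name: str
    auth_mechanisms: tuple      # supported mechanisms, most preferred first
    integrity: str              # "unsupported" | "supported" | "required"
    confidentiality: str        # same three values
    trusted_issuers: frozenset  # trust policy: credential issuers accepted

def _protection(a: str, b: str, what: str) -> bool:
    """Decide whether a protection is applied to the conversation."""
    pair = {a, b}
    if pair == {"required", "unsupported"}:
        raise PolicyMismatch(f"{what}: required by one side, unsupported by the other")
    # Applied when a side requires it or when both sides are able to provide it.
    return "unsupported" not in pair

def negotiate(initiator: EndpointPolicy, responder: EndpointPolicy) -> dict:
    """Return the agreed parameters, or fail closed with PolicyMismatch."""
    common = [m for m in initiator.auth_mechanisms if m in responder.auth_mechanisms]
    if not common:
        raise PolicyMismatch("no common authentication mechanism")
    issuers = initiator.trusted_issuers & responder.trusted_issuers
    if not issuers:
        raise PolicyMismatch("no commonly trusted issuer")
    return {
        "auth": common[0],  # the initiator's preference order wins
        "integrity": _protection(initiator.integrity, responder.integrity, "integrity"),
        "confidentiality": _protection(initiator.confidentiality,
                                       responder.confidentiality, "confidentiality"),
        "issuers": sorted(issuers),
    }

# Constructed sample policies for two virtual organisations (VOs) and a legacy host.
VO_A = EndpointPolicy("vo-a", ("x509", "kerberos"), "required", "supported",
                      frozenset({"ca-alpha", "ca-shared"}))
VO_B = EndpointPolicy("vo-b", ("kerberos", "x509"), "supported", "supported",
                      frozenset({"ca-beta", "ca-shared"}))
LEGACY = EndpointPolicy("legacy", ("password",), "unsupported", "unsupported",
                        frozenset({"ca-shared"}))

if __name__ == "__main__":
    print(negotiate(VO_A, VO_B))
```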
Pluggability/Configurability
• Pluggable Security Services (PSS) requirements include:
  – Definition of standard and flexible interfaces
  – Integration at application layer
  – Coordinated invocation of services
  – Usable by users and services
  – Simultaneous use of multiple services
  – Support for future enhancement
  – Optimization for various communication links
  – Provision of real-time invocation features
  – Use of standard programming interfaces
PSS Architectural Overview
• Application/Client Interface
  – Authenticates user/application
  – Facilitates communications
• Configuration Daemon
  – Accepts machine-independent, abstract configuration requests
  – Interacts with the coordination service
• Security Services Handler
  – Absorbs the diversity of security mechanisms
• Protocol Mapping
  – Contains the list of supported protocols
• Security Architecture Interface
  – Consists of socket modules to plug various security services.
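An added sketch of the plug-in idea behind the components listed above (not the PSS implementation, whose code the slides do not show): two services are plugged into named sockets, an abstract configuration request selects them, and the handler invokes them in a coordinated order. All class and method names are hypothetical, and key distribution is assumed to happen elsewhere.

```python
import hashlib
import hmac

# Interface of a plugged service (hypothetical): protect(bytes) and unprotect(bytes).
class HmacIntegrity:
    def __init__(self, key: bytes):
        self.key = key
    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self.key, body, hashlib.sha256).digest()
    def protect(self, msg: bytes) -> bytes:
        return msg + self._tag(msg)
    def unprotect(self, msg: bytes) -> bytes:
        body, tag = msg[:-32], msg[-32:]
        if len(msg) < 32 or not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("integrity check failed")
        return body

class AntiReplay:
    def __init__(self):
        self.next_out, self.last_in = 0, -1
    def protect(self, msg: bytes) -> bytes:
        self.next_out += 1
        return (self.next_out - 1).to_bytes(8, "big") + msg
    def unprotect(self, msg: bytes) -> bytes:
        seq = int.from_bytes(msg[:8], "big")
        if len(msg) < 8 or seq <= self.last_in:
            raise ValueError("replayed or stale message")
        self.last_in = seq
        return msg[8:]

class SecurityServicesHandler:
    def __init__(self):
        self.sockets, self.active = {}, []
    def plug(self, name: str, service) -> None:   # Security Architecture Interface
        self.sockets[name] = service
    def configure(self, request: list) -> None:   # abstract configuration request
        missing = [n for n in request if n not in self.sockets]
        if missing:
            raise LookupError(f"no service plugged for: {missing}")
        self.active = [self.sockets[n] for n in request]
    def send(self, msg: bytes) -> bytes:          # coordinated invocation, in order
        for service in self.active:
            msg = service.protect(msg)
        return msg
    def receive(self, msg: bytes) -> bytes:       # undone in reverse order
        for service in reversed(self.active):
            msg = service.unprotect(msg)
        return msg
```

Configuring `["anti-replay", "integrity"]` places the sequence number under the HMAC, so a receiver verifies authenticity before it updates its replay counter.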
SEINIT: Security Expert Initiative
• IST Integrated Project
  – IST-2002-001929-SEINIT
• Duration: December 2003 – November 2005
  – Extended till February 2006
• Budget
  – Total cost: 8 M€
  – EU Contribution: 3.9 M€
• Objectives
  – Ensure a trusted and dependable security framework, ubiquitous, working across multiple devices, heterogeneous networks, being organisation independent (inter-operable) and centred around an end-user.
www.seinit.org
Use case
[Figure: security domains in the use case: Bob’s office, Alice’s office, Alice’s home, Railway provider]
Novel Planes
Quantum
Physical
Logical
Virtual
Quantum Key Distribution (QKD)
• Quantum Key Distribution (QKD) is simultaneous generation of identical bit sequences in two distinct locations with quantum physical methods
• QKD enables the implementation of a secure secret channel
• To make QKD ready for practical applications, we need to
  – Make physical devices ready for practical application
  – Provide necessary interfaces for the integration into existing technologies
  – Develop conceptual design for networked infrastructures
  – Development of cryptographic algorithms and models
IST Integrated Project SECOQC
• SECOQC: Secure Communication based on Quantum Cryptography
  – IST-2002-506813-SECOQC
• Duration: April 2004 – March 2008
• Budget
  – Total cost: 11.3 M€
  – EU Contribution: 5.5 M€
• Objectives
  – Global dependability and security framework
www.secoqc.net
Conclusions & Perspectives
• Security has emerged as an indispensable characteristic of any IT system
• Security components should be woven in the IT Fabric
• IT Security requires new dimensions to tackle the contemporary threats paradigm
• European Commission provides funding for IT research through various programs of IST (Information Society Technologies)
• Notably:
  – Future Emerging Technologies (FET)
  – Beyond the Horizon
• Security is not a product – Security is a PROCESS!