
Security Issues for e-Society

This workshop discusses the various security challenges and issues faced by e-Society, including privacy, integration, access control, and threat types. It explores the need for policies, mechanisms, and validation methods to ensure secure systems for e-Government and e-Citizens.

jdawn

Presentation Transcript


  1. Security Issues for e-Society
     Oliver B. Popov
     MSU, SU, SCMU
     NATO ANW
     The Third CEENet Workshop on Managerial Issues - MIXREN
     Chisinau, October 200

  2. On Security
     Security is mostly a superstition. It does not exist in nature…

  3. Content
     • e-Government definition
     • Aspects of Security Systems
     • Challenges for e-Government
     • Concerns of e-Citizens
     • Integration
     • Privacy
     • Perils and threats
     • Summary

  4. e-Government
     Definition: e-Government is a combination of interconnected heterogeneous information systems in which
     • Government agencies
     • Business – private sector
     • Public
     exchange high volumes of data in order to attain seamless and secure information flow, service integration, and effective and transparent decision-making process for the benefit of every citizen.

  5. Fundamental Issues
     • Networks should be as secure as any other real-life system, no more, no less.
     • Balance between the cost of protection and the risk of loss
     • When risk is less than the cost of recovering from a failure in security, then investment in better systems decreases
     • The myth of “perfect” security

  6. Aspects of Secure Systems
     • Policy (definition of what to do – specification)
     • Mechanism (transformation of what into how – implementation)
     • Assurance (does it match reality and how well – validation, verification, or assurance)

  7. Policy Making – Defining Needs
     • Secrecy – who gets the information
     • Integrity – how to use info resources and transformation
     • Availability – accessing info resources in easy and efficient manner
     • Accounting – who has done it and when

  8. Security Problems
     • Information has been changed, transformed, and damaged so that it has been rendered unusable – integrity
     • Service disrupted or severely impaired – availability
     • Leakage and theft of data – secrecy
     • Private information made public – secrecy
     Policy as a concept selector – positive and negative

  9. Mechanisms for Security
     • Strategies
       • Isolation
       • Exclusion
       • Restriction
       • Recovery
       • Punishment
     • Access Control Model
     • Information Flow Control

  10. Access Control Models
     • Traditional
       • Discretionary (DAC)
       • Mandatory (MAC)
     • Novelty
       • Rule-based Access Control (RBAC)
       • Task-based Access Control (TBAC)
       • Tickets-based

  11. AAA or Au Standard
     • Authentication
     • Authorization
     • Auditing

  12. Validation and Verification
     • Trusted Computing Base – TCB
     • Redundancy – combination of several levels – network, computer, and applications
     • Simple translates to perfection for both users and administrators

  13. Challenges for EG
     • Interoperability among different systems with respect to security
     • Methods and metrics for the state of the democratic processes
     • Building and maintaining multiple partnerships as key to human networking
     • Management of electronic archives
     • Availability and equity of access

  14. Challenges for the e-Citizens
     • Omnipresence of info protection
     • Privacy
     • Identification – Digital signatures
     • Accessibility
     • Security
     • Return and corrective procedures
     • Credibility
     • Social profiles
     • Level of sharing
     • Responsiveness

  15. Integration
     • Semantic heterogeneity
     • Interoperability
     • Autonomy principle
     • Security principle
     • Risk and assurance propagation
     • Management

  16. Resolving Integration I
     • Policy and meta-policy specification
     • Conflict resolution
     • Interaction
     • Preference of RBAC over DAC and MAC
     • TBAC (where the authorization unit is a task) just emerging
     • Architectural models
       • CORBA
       • OSF DCE

  17. Resolving Integration II
     • Multi agent systems
       • Adaptive
       • Cooperative
       • Autonomous
       • Mobile
       • yet increased complexity and questionable efficiency (a lot of overhead).
     • Database federation
       • Aggregation of several database systems

  18. Privacy
     Definition: A right of individuals, groups or organizations to determine when and how much of the information about them is communicated.
     • Communication – Encryption and PKI
     • Database – problems with sensitive personal information
     • Solution – a combined effort by technology, legislation, and public policy

  19. Infrastructure Perils
     • Info WMD - DoS and DDoS, virtual sit-ins, blockades, computer viruses, worms, and logic bombs
     • Wide range of threats – from hacking activities to cyber terrorism
     • SEI at CMU

  20. Types of Threats for EG
     • National level
       • Information (Cyber army)
       • Intelligence (Cyber spies)
     • Shared threats
       • Cyber terrorism
       • Industrial patents and products
       • Cyber crime
     • Local (hackers)
       • Institutional
       • Recreational

  21. Summary
     • Difficult and open problems
     • Integration of what is done so far
     • It appears that RBAC works well in the multi-domain environment and cooperates well with encryption and PKI
     • Possible aggregation with the FDM
     • Multi agent systems
     • Systems for risk analysis and security assurance
     • Threats management
     • Combined models for privacy

  22. Thank you
