1 / 17

Prof. Leszek Lilien (Chair) Department of Computer Science Western Michigan University Kalamazoo, Michigan, USA

3rd International Conference on Trust, Privacy & Security in Digital Business Krak ó w, Poland , September 4-8, 2006 Panel Discussion : Is S ecurity W ithout Trust Feasible ?. Prof. Leszek Lilien (Chair) Department of Computer Science Western Michigan University Kalamazoo, Michigan, USA.

vicky
Download Presentation

Prof. Leszek Lilien (Chair) Department of Computer Science Western Michigan University Kalamazoo, Michigan, USA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. 3rd International Conference onTrust, Privacy & Security in Digital Business Kraków, Poland, September 4-8, 2006Panel Discussion:Is Security Without Trust Feasible ? Prof. Leszek Lilien(Chair) Department of Computer Science Western Michigan University Kalamazoo, Michigan, USA

  2. Introduction • Hypothesis: Feasibility of security without trust is a perception, not a reality • Why “feasibility of security without trust” might be perceived Reason 1) User’s perspective (rather than computing system perspective)on security-trust relationships in computing Reason 2)Lack of trust documentation/specifications 2

  3. Reason 1: User’s Perspective on Security-Trust Relationships in Computing • System-level perspective: Security is built upon trust • System-level analysis should show that mechanisms providing security in computing systems rely on trust assumptions • User-level relationship: Trust is built upon security • Users of computing systems trust only systems that are (among others) secure => From users’ perspective, trust without securityis not feasiblein computing systems BUT From users’ perspective, trust is not perceived as a basis of system security => security without trustis feasiblein computing systems 3

  4. Reason 2: Lack of Trust Documentation/Specifications • To analyze Reason 2 for perception of feasibility of “security without trust,”a few preliminaries must be discussed • Trust in closed and open computing systems (or social systems) • Closed systems(or subsystems) • All components are known a priori • Open systems(or subsystems) • Components that are “strangers” (not known a priori) can join the system 4

  5. Trust in closed and open computing systems – cont. • Claim 1a: The proper level of componenttrustworthiness in closed systems can be assureda priori • Once assured, it can then be assumed by component’s users • Users are other system components, incl. humans • Claim 1b: The proper level of componenttrustworthiness in open systems must be assured in real time • No trust level can be assumed a priori • Trust level for a stranger is unknown / uncertain • Dynamically determined by each stranger’s partner 5

  6. Claim 2: Trust is pervasive in computing systems (as in social systems) • Bec. trust relationships always exist between system components • As they always exist among people and artifacts in a society • Claim 3: Too often trust relationships are not documented 6

  7. Types of trust documentation 1) Embeddedtrust documentation- trust specifications encoded within software • Software processes these trust specs • Process = collect trust data, verify data, calculate trust values, … 2) Externaltrust documentation– written trust specifications not within software • No processing of trust specs by software 3) Missingtrust documentation– no trust specifications exist 7

  8. Claim 4: • Missingtrust documentation should be disallowed in any system(whether closed or open) • Externaltrust documentation may be used in closedsystems • System components can rely on assured trust assumptions • Software not required to process trust specs in the real time • Embeddedtrust specifications must be used in opensystems • System components can not rely on assured trust assumptions • Software required to process embedded trust specs in the real time 8

  9. >>> optional <<< • Examples of externally documented trust specifications that are acceptable • Implicit stated trust among modules of a computing system from a single software house • A closed system • Implicit stated trust among web sites administered by a single company • A closed system 9

  10. Effectiveness and costs of trust specifications • Embedded trust specificationsresult in best security but are most expensive • Must be used wherever required • Required in opensystems • Externaltrust specificationscan provideacceptable security at a lowercost • Should be used wherever allowed • Allowed in closedsystems • Missingtrust specificationsare unacceptable in terms of security 10

  11. Is security without trust feasiblein computing systems? • „Security without trust” might seemfeasible in computing systems • Might even seem common However, the reality is that … • Claim 5:… Impression of „security without trust” is misleading • If no trust relationships aredocumented in a system, it does not mean that there are none 11

  12. Conclusions • Recall myHypothesis: Feasibility of security without trust is a perception, not a reality • I analyzed 2 reasons why “feasibility of security without trust” might be perceived • Reason 1: User’s perspective (rather than computing system perspective)on security-trust relationships in computing • Reason 2:Lack of trust documentation/specifications • Based on the analysis of Reasons 1 & 2, my answer to the panel question is: Security without trust is not feasiblein computing systems 12

  13. Thank you very much for your time and attention!

  14. This page left blank intentionally. 14

  15. This page left blank intentionally. 15

  16. Publications onOppnets(intensive work on oppnets started in our WiSe Lab in December 2005) • Leszek Lilien and Ajay Gupta, ” Opportunistic Networks for Emergency Preparedness and Response” (submitted for publication). • Leszek Lilien, Z. Huma Kamal, and Ajay Gupta, "Opportunistic Networks: Research Challenges in Specializing the P2P Paradigm,” Proc. 3rd International Workshop on P2P Data Management, Security and Trust (PDMST’06), Kraków, Poland, September 2006. • Leszek Lilien, “Developing Specialized Ad Hoc Networks: The Case of Opportunistic Networks,” Proc. Workshop on Distributed Systems and Networks at the WWIC 2006 Conference,Bern, Switzerland, May 2006 (invited paper, proceedings to appear). • Leszek Lilien, Z. Huma Kamal, Vijay Bhuse and Ajay Gupta, "Opportunistic Networks: The Concept and Research Challenges in Privacy and Security,” Proc. International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks (WSPWN 2006), Miami, Florida, March 2006. • B. Bhargava, L. Lilien, A. Rosenthal, and M. Winslett, “Pervasive Trust,” IEEE Intelligent Systems, vol. 19(5), Sep./Oct.2004, pp. 74-77 (first brief mention of the oppnet idea, in the form of malevolent opportunistic sensor networks). 16

  17. WiSe Lab Experience in Sensornets – Selected Projects Since January 2003 NOTE: Results directly useful for oppnets are marked with an asterisk (*) • Designing of WiSe Security Protocols: DSPS • Location Tracker Using Motes (*) • RHS: Remote Home Surveillance (*) • Directed Diffusion: Attacks & Countermeasures • Improving the Accuracy of Mote Measurements by UsingNeural Networks • SOMS: Smart Occupancy Monitoring System Using Motes (*) • Comparative Study of Network Simulators • Collaborative Image Processing (*) • DENSe: a Development Environment for Networked Sensors • Incorporating Mobile-ware in Distributed Computations / Grids (*) • Extendingthe ns-2 Simulator to Satellite and WCN Simulations • Smart Antennas for WCNs • Energy Efficient MAC Protocols for IEEE 802.11x • A Wireless Security Testing System (*) • Mobile and Self-Calibrating Irrigation System • Collective Communications for Sensornets (*) 17

More Related