Security, Privacy and the Future Internet

This presentation was held by Michael Waidner at »Konferenz Zukünftiges Internet« on 5/6 of July 2011.

Can also be found at: http://www.future-internet-konferenz.de/programm/5.-juli-2011-1

Published in: Technology, News & Politics

Transcript of "Security, Privacy and the Future Internet"

  1. Security, Privacy and the Future Internet
     Prof. Dr. Michael Waidner
     © Fraunhofer-Gesellschaft 2011
  2. Outline
     • Future Internet
     • Security and Privacy
     • Security and Privacy by Design
  3. Internet of People, Data, Services, Things, … and Crime & War
     • Online Social Networks
     • Cloud-delivered IT & Business Services
     • Cloud-delivered Crime & War
     • Globally interconnected cyber-physical system
  4. Overall, Security is Becoming More Difficult
     • Future Internet is the ideal target: everybody, everything is online
     • Professionalization and industrialization of cybercrime and cyberwar
     • Network of people and user-generated content
     • Privacy (in public spaces …)
     • Intellectual property
     • Filtering illegal and dangerous content
     • Withstanding censorship
  5. But Security may Also Benefit from the Future Internet
     • Better security through standards, automation, services
     • Cloud will lower costs for good and well-managed security and privacy
     • Today, poor service management (governance, change, patch) is key source of insecurity!
     • Global scale, global economy may enable global standards
     • Trust and identity infrastructures
     • Privacy and information sharing
     • Assurance, auditing, forensics
  6. Outline
     • Future Internet
     • Security and Privacy
     • Security and Privacy by Design
  7. A Slightly More Technical View: Security Problems
     • New technologies, new threat vectors
     • Massive resource sharing in clouds
     • Mobile and ambient as new access channel
     • Cyber-physical convergence
     • Global connectivity without global identity
     • Old principles don’t apply anymore
     • Perimeter security vs. service decomposition
     • Trusted base vs. everything in the cloud
     • Managed endpoint security vs. consumerization …
  8. Some Security Research Challenges
     • Research pipe full of untested results
     • Crypto, trusted computing, provenance, sticky policies, automated checking, …
     • More applied research
     • Security for legacy systems, networks, …
     • Unexpected intrusions, abuses, insiders
     • Accountability with privacy
     • Forensics with privacy
     • Quantification of risks and security
     • Create a network to fight a network
     • Cross-org sharing of security information
     • Commons nature of security
  9. Privacy in the Future Internet
     • Privacy is difficult to define
     • What is the €-value of your personal information?
     • What is privacy in a public space like an OSN?
     • Tradeoffs are always individual
     • Status
     • Purpose Binding: responsible data management – mostly mature
     • Data minimization: crypto and data management – no practical experience
     • Context binding: not even well defined
     • Sustainable informational self-determination: no good solutions
  10. Some Privacy Research Challenges
     • What is privacy in …
     • OSN, location, ambient, mobile, cloud, smart grids, …
     • Mental models for usability
     • Research pipe full of untested results
     • Standardization
     • Portable id, pseudonyms, options, expiration dates, …
     • Globally practical trust and identity framework
     • More applied research
     • Privacy despite accountability
     • Privacy despite forensics
     • Computing with encrypted data
     • Commons nature of privacy
  11. Outline
     • Future Internet
     • Security and Privacy
     • Security and Privacy by Design
  12. Building a Secure System
     • Huge body of engineering knowledge
     • Many articles, books, courses, degrees, tools, …
     • So, in theory, this should be doable
  13. Building a Secure System
     • State of the art in the software industry (Source: Microsoft Secure Development Lifecycle)
     • But # of vulnerabilities is still going up
     • A more detailed look shows:
       • Same errors again and again
       • IT people lack skills
       • Current processes and tools are too complex for humans
     • Source: IBM X-Force, 2011
  14. Which one is Better: “by design” or “by patching”
     Security and Privacy by Design
     • Overall: economic
     • High initial costs
     • Low recurring costs
     • Avoids damage
     Security and Privacy by Patching
     • Overall: expensive
     • Low initial costs
     • High recurring costs
     • Damage might be irreversible:
       • Life and health
       • Critical infrastructure
       • Privacy, reputation, confidentiality
     NIST 2010:
     • 80% of development costs spent on finding and fixing errors
     IBM 2010: Fixing a single defect during … costs:
     • Coding: $80
     • Build: $240
     • QA/Test: $960
     • Post release: $7’600 + reputational costs
     European Center for Security and Privacy by Design (EC-SPRIDE)
     Projected start: October 1st, 2011
  15. What needs to be done
     Challenges
     • Consistent models throughout all phases
     • Patterns for requirements analysis
     • Model-driven security (design, test)
     • Static and dynamic analysis
     • Usability: end users, developers, admins
     • Ready to use building blocks
     • Demonstrable and quantifiable improvements in security
     • Applied to interesting cases: cloud computing, embedded, …
     • Education for ordinary developers
  16. Outline
     • Future Internet
     • Security and Privacy
     • Security and Privacy by Design
  17. Prof. Dr. Michael Waidner
     michael.waidner@sit.fraunhofer.de
     Fraunhofer-Institut für Sichere Informationstechnologie
     Rheinstraße 75
     64295 Darmstadt
     www.fraunhofer.de
     www.sit.fraunhofer.de
     Center for Advanced Security Research Darmstadt
     Lehrstuhl für Sicherheit in der IT
     Mornewegstraße 30
     64289 Darmstadt
     www.cased.de
     www.sit.tu-darmstadt.de