Security, Privacy and the Future Internet
Prof. Dr. Michael Waidner




                                            © Fraunhofer-Gesellschaft 2011
Outline



     Future Internet
     Security and Privacy
     Security and Privacy by Design




Internet of People, Data, Services, Things, … and Crime & War


     Online Social Networks
     Cloud-delivered IT & Business Services
     Cloud-delivered Crime & War
     Globally interconnected cyber-physical system




Overall, Security is Becoming More Difficult

                       Future Internet is the ideal target:
                         everybody, everything is online

                       Professionalization
                         and industrialization
                         of cybercrime and cyberwar

                       Network of people and
                         user-generated content
                              Privacy (in public spaces …)
                              Intellectual property
                              Filtering illegal and dangerous content
                              Withstanding censorship
But Security may Also Benefit from the Future Internet

                       Better security through
                        standards, automation, services
                          Cloud will lower costs for good and
                           well-managed security and privacy
                          Today, poor service management
                           (governance, change, patch) is key
                           source of insecurity!

                       Global scale, global economy
                        may enable global standards
                           Trust and identity infrastructures
                           Privacy and information sharing
                           Assurance, auditing, forensics
Outline



     Future Internet
     Security and Privacy
     Security and Privacy by Design




A Slightly More Technical View: Security Problems
                      New technologies, new threat vectors
                           Massive resource sharing in clouds
                           Mobile and ambient as new access channel
                           Cyber-physical convergence
                           Global connectivity without global identity

                      Old principles don’t apply anymore
                         Perimeter security
                          vs. service decomposition
                         Trusted base vs. everything in the cloud
                          Managed endpoint security
                           vs. consumerization
                         …
Some Security Research Challenges
                     Research pipe full of untested results
                       Crypto, trusted computing, provenance,
                          sticky policies, automated checking, …

                     More applied research
                         Security for legacy systems, networks, …
                         Unexpected intrusions, abuses, insiders
                         Accountability with privacy
                         Forensics with privacy
                         Quantification of risks and security

                      Create a network to fight a network
                        Cross-org sharing of security information

                      Commons nature of security
Privacy in the Future Internet

                   Privacy is difficult to define
                     What is the €-value of your personal information?
                     What is privacy in a public space like an OSN?
                     Tradeoffs are always individual
                   Status
                     Purpose Binding: responsible data
                      management – mostly mature
                     Data minimization: crypto and data
                      management – no practical experience
                      Context binding: not even well defined
                      Sustainable informational
                       self-determination: no good solutions
Some Privacy Research Challenges
                What is privacy in …
                  OSN, location, ambient, mobile, cloud, smart grids, …
                  Mental models for usability
                Research pipe full of untested results
                Standardization
                  Portable id, pseudonyms, options, expiration dates, …
                  Globally practical trust and identity framework
                 More applied research
                   Privacy despite accountability
                   Privacy despite forensics
                   Computing with encrypted data
                 Commons nature of privacy
Outline



     Future Internet
     Security and Privacy
     Security and Privacy by Design




Building a Secure System


 Huge body of
  engineering
  knowledge
 Many articles,
  books, courses,
  degrees, tools, …
 So, in theory, this
  should be doable




Building a Secure System

State of the art in the software industry
                  Source: Microsoft Secure Development Lifecycle

But # of vulnerabilities is still going up
                  Source: IBM X-Force, 2011

A more detailed look shows:
•   Same errors again and again
•   IT people lack skills
•   Current processes and tools are too complex for humans
Which one is Better: “by design” or “by patching”

Security and Privacy by Design
  Overall: economic
   High initial costs
   Low recurring costs
  Avoids damage

Security and Privacy by Patching
  Overall: expensive
   Low initial costs
   High recurring costs
  Damage might be irreversible:
   Life and health
   Critical infrastructure
   Privacy, reputation, confidentiality

NIST 2010:
• 80% of development costs spent on finding and fixing errors

IBM 2010: Fixing a single defect during … costs:
• Coding: $80
• Build: $240
• QA/Test: $960
• Post release: $7’600 + reputational costs

European Center for Security and Privacy by Design (EC-SPRIDE)
Projected start: October 1st, 2011
What needs to be done

                    Challenges
                         Consistent models throughout all phases
                         Patterns for requirements analysis
                         Model-driven security (design, test)
                         Static and dynamic analysis
                         Usability: end users, developers, admins
                         Ready to use building blocks
                         Demonstrable and quantifiable
                          improvements in security
                          Applied to interesting cases:
                           cloud computing, embedded, …
                          Education for ordinary developers
Outline



     Future Internet
     Security and Privacy
     Security and Privacy by Design




Prof. Dr. Michael Waidner
michael.waidner@sit.fraunhofer.de


Fraunhofer-Institut für
Sichere Informationstechnologie
Rheinstraße 75
64295 Darmstadt
www.fraunhofer.de
www.sit.fraunhofer.de


Center for Advanced Security
Research Darmstadt
Lehrstuhl für Sicherheit in der IT
Mornewegstraße 30
64289 Darmstadt
www.cased.de
www.sit.tu-darmstadt.de

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 

Recently uploaded (20)

RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 

Security, Privacy and the Future Internet

  • 1. Security, Privacy and the Future Internet Prof. Dr. Michael Waidner © Fraunhofer-Gesellschaft 2011 –1–
  • 2. Outline
      - Future Internet
      - Security and Privacy
      - Security and Privacy by Design
  • 3. Internet of People, Data, Services, Things, … and Crime & War
      - Online Social Networks
      - Cloud-delivered IT & Business Services
      - Cloud-delivered Crime & War
      - Globally interconnected cyber-physical system
  • 4. Overall, Security is Becoming More Difficult
      - Future Internet is the ideal target: everybody, everything is online
      - Professionalization and industrialization of cybercrime and cyberwar
      - Network of people and user-generated content
          - Privacy (in public spaces …)
          - Intellectual property
          - Filtering illegal and dangerous content
          - Withstanding censorship
  • 5. But Security may Also Benefit from the Future Internet
      - Better security through standards, automation, services
          - Cloud will lower costs for good and well-managed security and privacy
          - Today, poor service management (governance, change, patch) is key source of insecurity!
      - Global scale, global economy may enable global standards
          - Trust and identity infrastructures
          - Privacy and information sharing
          - Assurance, auditing, forensics
  • 6. Outline
      - Future Internet
      - Security and Privacy
      - Security and Privacy by Design
  • 7. A Slightly More Technical View: Security Problems
      - New technologies, new threat vectors
          - Massive resource sharing in clouds
          - Mobile and ambient as new access channel
          - Cyber-physical convergence
          - Global connectivity without global identity
      - Old principles don’t apply anymore
          - Perimeter security vs. service decomposition
          - Trusted base vs. everything in the cloud
          - Managed endpoint security vs. consumerization …
  • 8. Some Security Research Challenges
      - Research pipe full of untested results
          - Crypto, trusted computing, provenance, sticky policies, automated checking, …
      - More applied research
          - Security for legacy systems, networks, …
          - Unexpected intrusions, abuses, insiders
          - Accountability with privacy
          - Forensics with privacy
          - Quantification of risks and security
      - Create a network to fight a network
          - Cross-org sharing of security information
          - Commons nature of security
  • 9. Privacy in the Future Internet
      - Privacy is difficult to define
          - What is the €-value of your personal information?
          - What is privacy in a public space like an OSN?
          - Tradeoffs are always individual
      - Status
          - Purpose Binding: responsible data management – mostly mature
          - Data minimization: crypto and data management – no practical experience
          - Context binding: not even well defined
          - Sustainable informational self-determination: no good solutions
  • 10. Some Privacy Research Challenges
      - What is privacy in …
          - OSN, location, ambient, mobile, cloud, smart grids, …
          - Mental models for usability
      - Research pipe full of untested results
      - Standardization
          - Portable id, pseudonyms, options, expiration dates, …
          - Globally practical trust and identity framework
      - More applied research
          - Privacy despite accountability
          - Privacy despite forensics
          - Computing with encrypted data
          - Commons nature of privacy
  • 11. Outline
      - Future Internet
      - Security and Privacy
      - Security and Privacy by Design
  • 12. Building a Secure System
      - Huge body of engineering knowledge
      - Many articles, books, courses, degrees, tools, …
      - So, in theory, this should be doable
  • 13. Building a Secure System
      - State of the art in the software industry (Source: Microsoft Secure Development Lifecycle)
      - But # of vulnerabilities is still going up (Source: IBM X-Force, 2011)
      - A more detailed look shows:
          - Same errors again and again
          - IT people lack skills
          - Current processes and tools are too complex for humans
  • 14. Which one is Better: “by design” or “by patching”
      - NIST 2010:
          - 80% of development costs spent on finding and fixing errors
      - IBM 2010: Fixing a single defect during … costs:
          - Coding: $80
          - Build: $240
          - QA/Test: $960
          - Post release: $7’600 + reputational costs
      - Security and Privacy by Design
          - Overall: economic
          - High initial costs
          - Low recurring costs
          - Avoids damage
      - Security and Privacy by Patching
          - Overall: expensive
          - Low initial costs
          - High recurring costs
          - Damage might be irreversible:
              - Life and health
              - Critical infrastructure
              - Privacy, reputation, confidentiality
      - European Center for Security and Privacy by Design (EC-SPRIDE). Projected start: October 1st, 2011
  • 15. What needs to be done
      - Challenges
          - Consistent models throughout all phases
          - Patterns for requirements analysis
          - Model-driven security (design, test)
          - Static and dynamic analysis
          - Usability: end users, developers, admins
          - Ready to use building blocks
      - Demonstrable and quantifiable improvements in security
      - Applied to interesting cases: cloud computing, embedded, …
      - Education for ordinary developers
  • 16. Outline
      - Future Internet
      - Security and Privacy
      - Security and Privacy by Design
  • 17. Prof. Dr. Michael Waidner, michael.waidner@sit.fraunhofer.de
      - Fraunhofer-Institut für Sichere Informationstechnologie, Rheinstraße 75, 64295 Darmstadt (www.fraunhofer.de, www.sit.fraunhofer.de)
      - Center for Advanced Security Research Darmstadt, Lehrstuhl für Sicherheit in der IT, Mornewegstraße 30, 64289 Darmstadt (www.cased.de, www.sit.tu-darmstadt.de)