Cover ERCIM News 63

This issue in pdf
(64 pages; 30Mb)


Cover ERCIM News 62
previous issue:
Number 62
July 2005:
Special theme:
Multimedia Informatics

previous issues online

Next issue:
January 2006

Next Special theme:
Emergent Computing

Call for the next issue

About ERCIM News

< Contents ERCIM News No. 63, October 2005

Michael Waidner

Michael Waidner
Head of the IBM Privacy Research Institute
IBM Research Division, Zurich Research Lab

Security and Trust Management

Until a few years ago, talking about information security was a sure way to distinguish between Information and Communication Technology (ICT) and business people. ICT people started to ask questions about bits and bytes, key lengths and signature updates. Business people left the room. Since then the situation has changed dramatically: new regulations and significant security and privacy incidents have pushed the security topic into the board room.

From a business perspective, security is all about managing risk. An ICT system provides the right level of security if it keeps the risk for the business at an acceptable level. What counts for this risk are potential losses due to malicious acts by disgruntled employees, criminal hackers or terrorists. Whether a risk is acceptable or not is a business decision. How to describe this level and how to demonstrate that an ICT system meets that level is one of the fundamental challenges in Computer Science.

While security is getting board room attention, actually securing ICT systems is becoming more difficult than ever: The dependencies between enterprises are rapidly growing: Thanks to the increasing specialization in industry, more and more enterprises need to cooperate to provide a specific service. Moreover, these dependencies are becoming much more dynamic in time. Today most business relations are still based on paper contracts, but the trend clearly goes towards dynamically negotiated and electronically confirmed contracts. As a result, the security boundaries between enterprises are quickly becoming less and less strict. Back-end servers that were formerly carefully protected through multiple protection layers are now directly exposed to the outside, as they offer their services to many enterprises. Applications that used to run on dedicated servers now run on a virtual, shared infrastructure, using physical resources that might be spread all over the world.

But the cause for this amplification of security problems - the trend towards On Demand business - also creates new opportunities to solve these security problems:

Service-oriented architecture (SOA) is the concept that supports the dynamic integration of enterprises into larger, virtual enterprises, based on standardized Web services. This well-defined construction principle allows embedding security and privacy in the fabric of the new infrastructure. Security and privacy play a prime role in forming virtual enterprises – an enterprise can manage its risk only if it knows what risk it takes by interacting with another enterprise, what trust it has to invest in its partners, and how that trust is established and justified. Therefore these risk and trust requirements and guarantees must be negotiated as part of the service-level agreements and the partners must provide service-oriented assurances to one another on which they can base their own risk management.

Virtualization and trusted platforms: Providing services in a cost-efficient and manageable way requires the sharing of technical resources whenever possible. This observation resulted in an astonishing renaissance of virtualization technology. Logical partitions and strong isolation are well-known mainframe security concepts – now they are becoming available on essentially all platforms. Similarly, rooting the security of a platform in a piece of trusted and secure hardware is becoming main stream, thanks to the effort of the Trusted Computing Group. Together these concepts offer the chance to build up distributed computing platforms in a secure way from scratch. In theory this is nothing spectacular, considering that most concepts have been known for decades, but practically this is the first time that there is broad agreement in industry to make this happen.

Business-oriented compliance and risk management: The last part is linking ICT and business. In the same way ICT people are used to express their security requirements in a security policy, business people need to express what they require from their systems in a formalized compliance policy and in the same way business people are used to being informed about their stock price falling or climbing they need to be informed as to whether their security risk level is falling or climbing. Many aspects of this linking are still a matter of research.

'On Demand' amplifies many of today's security and privacy problems, but it also offers the unique chance to build in security and privacy from the beginning, and to make security and privacy first class citizens of the new ICT infrastructure.

Michael Waidner