Security & Dependability in Complex & Critical Information Systems

Security & Dependability in Complex & Critical Information Systems. michel.riguidel@telecom-paristech.fr, École nationale supérieure des télécommunications. Depend 2008, Cap Esterel, August 27, 2008. Plate tectonics: continental drift for scientific disciplines.



Presentation Transcript


  1. Security & Dependability in Complex & Critical Information Systems michel.riguidel@telecom-paristech.fr École nationale supérieure des télécommunications Depend 2008, Cap Esterel, August 27, 2008

  2. Plate tectonics: continental drift for scientific disciplines Convergence of disciplines Tools, Methodology Dependability Security Trust Divergence of conceptual models Trust is a binary relationship Michel Riguidel, Paris

  3. Internet is broken: how to heal the future fragile communications? Privacy Mobility Trust Security Efficiency IDS Honey-pots PKI SSL Firewall IPv4 IETF Digital signature IPv6 3GPP Anti-virus virus IPSec TCP spam Patches Packet Router Web URL MPLS DNS XML

  4. The new landscape in security New standard bodies ONS Trans-continent Virtual Organizations Domino effects Quantum Crypto for distribution of secrets Illicit computations Spontaneous massive attacks Zetta bytes of data identification IP addresses Physical attacks on individuals Overlay, P2P, Grids XML, Message, document DDoS Asymmetric cryptography Intrusion, Malware Illicit content Computer virus

  5. Hidden Web, Deep services : death of the 7 layer model Old Internet : flat architecture Future Web : distributed “aggressive” services First Drawing of Internet (1962) Example : Skype architecture

  6. Languages: complexification of abstract typing 1955 1958 1965 1986 1992 Pointers: Static Structures Java Pointers : objects, dynamic, programs Floats, Integers Independent within the memory List : organization of the memory with strings John Backus John McCarthy Fortran Dennis M. Ritchie Lisp C C++ Bjarne Stroustrup

  7. Networks: complexification of abstract typing of links 1960-2000 2000-2010 2010-2020 2020-2030 Traditional network : nodes and links ubiquity Overlay network, P2P : Introduction of topology BitTorrent, Chord Asynchronous Text Text Mining Scalable protocols Virtual tier networks : Static structure of personalized nodes Geography Multimedia Semantic dynamic networks : Programmable structures History memory Google Web Knowledge Ontologies

  8. Regular: artefacts for individuals & enterprises Identification & Authentication Accountability, Non repudiation Traditional security to be improved and revisited (architecture & protocols): Classical Cryptography Engineering Security

  9. Dwarf : tiny program, simple artifact, scarce resource Traceability The digital world is neither fractal nor scalable … For tiny objects, Emergence of self-* models at the collection level Identification & Authentication Stochastic Security Strong security at the collection level (architecture) Cheap weak security at the individual level (massive & simple algorithms)

  10. Huge, Giant : Complex systems, inextricable problems Availability Accountability Semantic security for Complexity & human values Trust

  11. Digital hybrid urbanization : holistic future Internet No more monochromic, mono-technology security Current Internet WDM-IPv4-IPv6-MPLS Post-Beyond 3-4G Services Hooked to several infrastructures Internet of Things Galileo-GPS-Glasnos Clock and Position

  12. Computational Cryptography Traditional hierarchical ladder of the current internet Re-equilibrium of forces within the future internet (attacks, cryptanalysis) Massive externalized furtive computer power running within the anonymous networks confidential illicit computations Governmental organizations Standalone end-user New Crypto with computation, history and geography ? Alice and Bob are no more alone in this world: They have witnesses, alibis, trajectories They leave traces … amateur Hacker

  13. A science of the Web: technical challenges
      • Old Web: importance of the underlying protocols
      • computers connected (Web pages, Web sites)
      • 1986: ancient Web (Wide Electronic Board)
      • 1991: Web (Berners-Lee)
      • Web with text
      • 1995: first success (Java encapsulated)
      • Bandwidth issue (wait-wait-wait)
      • 2000: high data rate
      • Web with Multimedia
      • Web2 (Multiparties, Virtual), “Semantic” Web, …
      • Future Web: importance of mobility, context and reinvestment of Humans & Reality
      • Computers (Mobile, Multimedia), networks at large, within physical world
      • profound evolution in parallel with Future Internet
      • Geography: Mobility, Ubiquity
      • Reconciliation with nomadicity (vocal Web)
      • Search engines with locality, smarter search engines: Post-Google engines
      • History: Memory of the web (Next Generation of the Deep Web, Hidden Web)
      • Stochastic XML (see P Senellart PhD Thesis December 2007, Paris)
      • Knowledge
      • Representation, Visualization
      • Search engines, Social computing, Natural language technology
      • Web of intentional Things
      • Things will display their public life cycle, will blog (for maintenance)
      Catastrophic event in the protocol world in 2000: Web HTTP decreases, P2P protocols rise drastically

  14. Security & Trust 1st Threshold 2nd Threshold Dissociation between both Infrastructures/Instrumentations of Trust & Security/Dependability Trust Continuum 1st Threshold to modify behavior 2nd Threshold to stop interacting

  15. Intercontinental Thought: new models beyond an idyllic, pre-scripted vision of future networks
      • Neither unique nor providential solution
      • Model, counter-model, alter-model
      • Arrival of China and India on the IT scene
      • change in concerns (demographic, development)
      • change in power
      • Alter-models
      • the pseudo-libertarians (“Naives of the Internet”)
      • repression pure players (some governments).
      • Cyberspace & Cyber-governance (Kuber: rudder)
      • Technology free rein?
      • descriptive of order
      • no control and regulation becomes self-reflexive
      • normative of order
      • governing is defining order
      • In technologies, we talk about
      • often: what is
      • not often: what ought to be or what could be

  16. ICT Security and Trust Research Reflection Group: Advisory Board on Research and Innovation for SEcurity, Privacy and Trustworthiness in the Information Society (RISEPTIS)
      • The RISEPTIS Advisory Board will provide visionary guidance on policy and research challenges in the field of security and trust in the Information Society. It will do so by formulating recommendations on:
      • Policy environment – The development of coherent legal and administrative frameworks, operational environments, and human behaviour relating to security, privacy and confidence, in view of the technological changes leading to and arising from the future Information Society,
      • Research Agenda – Future European research and development that can facilitate the creation of an Information Society that will be secure, whilst respecting freedom and privacy of its citizens, with due attention given to the ICT infrastructures, networks, services and applications.
