Description
Security and, to a lesser extent, privacy have been active research
areas in computing for a long time. Techniques such as access controls
and firewalls have been developed to protect data, programs and, more
recently, networks from attacks or other infringements. However, most
of these techniques were developed for earlier generations of computing
environments that were usually under the control of a single, closed
jurisdiction -- such as a single enterprise with a well-defined boundary.
The open Internet environment, together with new business and organizational
practices, has increased the complexity of security and privacy considerations
dramatically. In such a setting, a system could potentially interact
with and share information with many other systems, often based on ad
hoc and dynamically negotiated configurations. Traditional models and
techniques for characterizing and analyzing security and privacy are
ill-equipped to deal with the much higher social complexity that is implicit
in this new setting.

This project aims to develop a methodological framework for achieving
security and privacy for internet services. We recognize that security
and privacy issues originate from human concerns and intents, and thus
should be modeled through social concepts such as strategic social actors
and social dependency networks. Social concepts are extended to cover
relationships among software systems and components as well, as human
intentions are embedded in and exercised through software.

We will use this methodological framework to build and maintain a knowledge
repository containing best practices in security and privacy related
to internet services. Using this repository, we plan to build an interactive
tool that will support system designers, administrators and assessment
officers by bringing relevant knowledge to bear at decision points.