Description
Security and, to a lesser extent, privacy have been active
research areas in computing for a long time. Techniques such as access
controls and firewalls have been developed to protect data, programs,
and more recently networks, from attacks or other infringements.
However, most of these techniques were developed for earlier
generations of computing environments that were usually under the
control of a single, closed jurisdiction -- such as a single enterprise
with a well-defined boundary. The open Internet environment, together
with new business and organizational practices, has increased the
complexity of security and privacy considerations dramatically. In such
a setting, a system could potentially interact with and share
information with many other systems, often based on ad hoc and
dynamically negotiated configurations. Traditional models and
techniques for characterizing and analyzing security and privacy are
ill-equipped to deal with the much higher social complexity that is
implicit in this new setting.
This project aims to develop a methodological framework for
achieving security and privacy for internet services. We recognize that
security and privacy issues originate from human concerns and intents,
and thus should be modeled through social concepts such as strategic
social actors and social dependency networks. Social concepts are
extended to cover relationships among software systems and components
as well, as human intentions are embedded in and exercised through
software.
We will use this methodological framework to build and
maintain a knowledge repository containing best practices in security
and privacy related to internet services. Using this repository, we
plan to build an interactive tool that will support system designers,
administrators and assessment officers by bringing relevant knowledge
to bear at decision points.
Funding Agency:
Principal Investigators: