by James Clarke
An EU-US workshop on research in 'Cyber Trust: System Dependability and Security' was held in Dublin, Ireland on November 15th and 16th, 2006. This article presents the themes discussed and the main workshop conclusions.
Secure and reliable information and communication systems and networks play a key role in the healthy growth of the Information Society. Today, the global character of the Internet and other ICT infrastructures, the scale of the security and trust problems we are facing, and the related research challenges call for intense international cooperation in research.
An international workshop was thus held in Dublin, Ireland on November 15th and 16th, 2006 on research in "Cyber Trust: System Dependability & Security". Its aim was to gain an understanding of the priority of mutual critical issues and promising dependability and security research directions, and to foster collaboration between the research communities of the EU, the US and other developed countries. The workshop was attended by 60 delegates from the EU and the US, along with representatives from Canada, Australia and Japan. It was co-organised by the IST-FP6 Co-ordination Action SecurIST, Unit INFSO-F5 "Security" of the European Commission's Directorate General Information Society and Media, US National Science Foundation (NSF), Department of Homeland Security (DHS) and the University of Illinois.
The workshop was structured around six thematic panel sessions. The discussions enabled the identification of a number of challenges and research priorities in ICT Trust, Security and Dependability (TSD) and triggered the planning of some joint EU-US actions to address them.
The workshop themes and their conclusions were the following:
1. Architecture and design issues for TSD of Future Networked Systems
Future emerging networked ICT systems will be large-scale, complex mixed mode environments consisting of diverse computing, communication & storage capacities. They will be based on the model of service-centric computing, systems of embedded systems and a mix of classical computers and embedded systems on the Internet. The discussion focussed around the new TSD attributes that such future ICT systems should be endowed with. These include trustworthiness and resilience, protocols, languages, metrics, internet routing paradigms, security provision technologies (cryptology, trusted functionality, multi-modal biometry, etc.), adaptive detection, diagnosis, run-time response mechanisms and stochastic security in core/access networks from an end-to-end perspective. For these new systems, there is a need to specify not only the underlying service semantics but also the TSD semantics and metrics for designing resilient architectures and secure network protocols and for detecting and measuring any anomalous behaviour.
2. Scalability and context-awareness for TSD of Future Networked Systems.
Discussions focused on multi-layered, scalable and context-aware approaches to make future networked systems secure and dependable. The main conclusions focussed on the need to extend scalability from all perspectives (hardware, software and systems) through better, realistic abstractions and by focusing on three phases of a system's lifecycle: (a) capturing network functionality, system performance and end-user requirements, (b) system design, and (c) system evaluation and testing. Other discussions focussed on: development of a formal authorization engineering framework to increase the authorization capability limits required in order to support multiple administrative domains; automated fault detection and remediation techniques for application on a massive and growing scale; and support of health management of autonomic system-of-systems approaches that enable automated fault detection and remediation on a massive scale.
3. Security and privacy in dynamic wireless networks of evolving systems composed of ad hoc coalitions of large numbers of sensors and devices for new personalized services.
The main conclusions focussed on addressing the lack of a security infrastructure, of threat models and of adequate security evaluation techniques for dynamic wireless networks. The main research directions identified to address this challenge were: testing methods and threat models; security infrastructure akin to tethered networks; federation of security policies and mechanisms across multiple domains; adaptive systems based on context; trust management while giving users more control over choosing risk levels and adaptable context; and, usability of security systems, especially in complex heterogeneous sensor systems.
4. Modelling, simulation, predictive evaluation, assurance cases for evaluating the TSD of networked systems.
The main issues addressed under this theme were verification and evaluation frameworks related to (possibly) Internet-scale applications and to particular networks and networked systems. There is a need to consider the wider socio-technical aspects and interdependencies as well as their semantic learning and understanding dimensions. There is also a need to use assurance cases and claim semantics from and for different stakeholders' viewpoints in order to communicate assumptions and agree on system security. When developing the above further, scenario building and use case generation would enhance understanding and inclusion of test data. There is a need here to develop and use standard metrics for incremental security improvements and probabilistic approaches for radical security improvements and for reducing stakeholders' interdependencies.
5. Monitoring, operational assessment, auditing for evaluating the TSD of Networked Systems.
Discussions focused on dynamic and online methods of analysis and evaluation and on real-time assessment frameworks, including attacks observed, observation mechanisms, audits, measurement and decision-making tools, etc. It is imperative to start now with the challenges associated with metrics, measurements and analysis, even with limited systems and goals, to gain a better understanding for threat characterization, prediction, observation, instrumentation and data collection. On-line measurements are needed to control and adapt, in particular, to put in place network information sharing techniques at all levels (including attacks observed, keystrokes of users, network traffic capture in an anonymous fashion and others). More incentives must also be put in place for the provision and sharing of data, which is needed to ensure sufficient context that would permit replication through experiments.
6. Establishment of interconnected and/or common test-beds.
Issues discussed include: opportunities for interconnecting existing experimental facilities and building joint benchmarks; test scenarios and interconnected test-beds for supporting the testing and evaluation of new dependability and security architectures; and technologies, protocols, and privacy protection mechanisms, together with support towards global standards. Examples of identified potential shared test-beds include a test-bed for software and services to allow experimentation at the application and services level or a test-bed for dynamic wireless and sensor networks. The first would open up valuable opportunities for innovative Small and Medium sized Enterprises and Academics to venture into service-oriented solutions. For wireless and sensor network test-beds, there are some standalone test-beds already available, but the issue that must be explored is how to federate them, taking into account cross testing, mobility aspects and security policies as users move in and out of different environments.
The full workshop report, all presentations and position papers are available on http://www.securitytaskforce.eu.
IST-FP6 SecurIST Coordination Action: http://www.securitytaskforce.eu
SecurIST contact point
Waterford Institute of Technology, Telecommunications Software and Systems Group, Ireland