Collaborative Computer Security and Trust Management

Jean-Marc Seigneur (Université de Genève, Switzerland) and Adam Slagell (National Center for Supercomputing Applications, USA)
Release Date: December, 2009 | Copyright: © 2010 | Pages: 317
ISBN13: 9781605664149 | ISBN10: 1605664146 | EISBN13: 9781605664156 | DOI: 10.4018/978-1-60566-414-9

Description

As the Internet grows and connects the world in new ways, computer security must become global and collaborative to understand and react to harmful security threats.

Collaborative Computer Security and Trust Management combines perspectives of leading researchers in collaborative security to discuss recent advances in this burgeoning new field. Practitioners, researchers, and academicians are presented with lessons learned by international experts to meet the new challenges of security in the global information age. Covering topics such as trust-based security, threat and risk analysis, and data sharing, this reference book provides a complete collection of the latest field developments.

Topics Covered

The many academic areas covered in this publication include, but are not limited to:

  • Challenges in sharing computer and network logs
  • Collaborative security
  • Data protection in collaborative business applications
  • E-networks and trust
  • Incident detection and response
  • Securing mobile-agent systems through collaboration
  • Teamworking for security
  • Tensions in collaborative cyber security
  • Trust Management
  • Trust-aware recommender systems
  • Trust-privacy tradeoffs in distributed computing
  • Trusted computing for collaboration

Reviews and Testimonials

Collaborative Computer Security and Trust Management addresses how we can meet some of the challenges faced by using technology to create and sustain alliances within trust-based collaborative structures.

– Andrew Robinson, European Consular and Commercial Office, UK

Table of Contents and List of Contributors

Preface

TENTATIVE

2007 may come to be seen as a pivotal year for eGovernment. The pivot was that curse of politicians – unexpected and destabilizing events – anticipated by some experts, but unheeded in many ICT programme developments. It was the year that the drive for eGovernment services suffered a series of highly media-sensitive setbacks, despite the surge in people using the Internet for both public and private purposes, especially retail uses. In the public domain there is the UK Government, for example, scoring well in international benchmarking, and moving to consolidate its own dispersed websites into two, one for citizen services, the other for business services. But despite such advances, a series of data losses on a large scale, with some data turning up in the USA, raises questions about how citizens and their children can be fully protected in what has been an open, often outsourced data management culture. These problems are having a political effect also, with large-scale IT schemes, such as the national identity card project, and the on-going IT for Health project in the NHS, coming under closer scrutiny from all sides. Even in the private sector, the problems of on-line fraud, eBanking security concerns as exemplified by the Societe Generale affair, and identity theft risk denting the wider need for trust among customers. A realisation is emerging that citizens' needs and customers' demands are not quite the same thing. Questions are being asked about control, accountability, trust and security, not just at national and international level but within regions as well. These will assume an even greater urgency and political potency when the sharing of data across borders by public administrations is accelerated in the years ahead. People will demand even greater control over cross-border data management systems where their personal data is concerned.
This has profound implications for political cultures within countries and within collaborative inter-state constructs such as the EU, demanding a new culture based on citizen-centric expectations understood, acted upon and protected by their eGovernment guardians.

Rebuilding the Bridge of Trust

If 2007 was a pivotal year for data assurance management, 2008 and beyond will be years when a range of questions will be raised entwining technology and politics as never before, and with civic concepts such as trust, security, fairness and transparency bridging both technology and politics.

The following list of questions will inform the debate:

  • How secure is the whole outsourcing process, when personal data is handled in India, USA, or wherever?
  • Should lower costs determine the outsourcing process?
  • Should ‘efficiency gains’ continue to take priority over the needs for security and access?
  • Under what rules and conditions is data held and exchanged in the countries and companies which handle data on EU citizens, and people from around the world visiting the UK?
  • How accountable are companies, including non-EU companies working for EU Governments, to the taxpayer and governments when major security leaks occur?
  • How adequate and sufficient are financial penalties or criminal penalties to encourage robust baked-in security from the outset? How fast can they be updated to keep pace with technological advances?
  • How do Parliaments scrutinize major eGovernment programmes? Is scrutiny enough to ensure real accountability or is accountability no longer possible?
  • How can legitimate concerns among citizens be addressed?
  • How can vulnerabilities in remote and online transactions be addressed to decrease fraud and the exponential rise in cybercrime?
  • If current eGovernment projects are judged to be insecure within a national context, what chance is there of getting popular support for either exchanging data at the EU level or for automated European interoperability between public sector data systems?
  • How can the socially excluded and disadvantaged, the disabled and an ageing population be expected to keep in step with and collaborate with eGovernment procedures, if they fail to provide the essential requirement of trust and reliability in handling individuals’ data?
  • How does Government restore confidence in its ability to manage large IT schemes, and create alliances with citizens on benefits of both cost and service?
  • What can we learn from other countries, especially other EU member states and regions?
  • What lessons might be learned from studying the CNIL in France, a national watchdog on the impact of Internet-based technologies on citizens’ privacy?
  • How will states cope with Article 8 of the Services Directive, which will implement Internet-based service provision cross-border?
  • Should citizens be able one day to monitor and even control some key aspects of their data held by Government?
  • What are the objections to allowing citizens to be in control of access to and the release of their personal data?

National Awareness Enhanced by European Engagement

Just as research informs innovation and development in the private sector, so its effect in government needs to be understood and selectively utilized, where it brings benefit.

But too often policymakers fail to appreciate the relevance and applicability of many research projects and recommendations. Instead, they seem to prefer the recommendations of private-sector consultants and miss, through lack of awareness or a tendency to seek the traditional private ‘solution’, the evidence of research funded by government itself in universities and national research laboratories, or research funded by the EC often with key inputs from the UK’s research community.

There has never been a better time to engage in a process of mutual learning. Most major government projects now involve large ICT commitments and components. The European Data Protection Supervisor regularly identifies and reports on privacy and data handling weakness and solutions. Governments and citizens are anxious about and perplexed by ICT-led developments in biometric identification in passports and other ID domains, data management, fraud and ID theft, never mind the future challenge of the Internet of Things at the very time when there has been a massive increase in international mobility. Rather than being surprised by events in the future, it is essential that, within the EU, Governments are alert to, engage with and shape not just the ICT but also the citizen-centric implications of the implementation of Article 20 of the EU Treaty on diplomatic and consular protection for citizens, moves towards a Common Consular Space and an EU External Action Programme, cross-border healthcare provision, judicial and police collaboration, and convergent standards for EU passports and visas. The internal borders of the EU have been largely dismantled; now the electronic barriers need to be removed. But just as recent referenda indicate that EU citizens have often felt left behind or just ignored in the rush to implement the Single Market and the euro programme for business, so this next challenge must involve the security, well-being and trust of the citizen as a prerequisite not just of administrative success but of the eGoverned’s assent to extend their civic rights into regulatable cyberspace.

Better National Protection and Performance Informed by EU Programmes and Projects

A number of initiatives funded by the EC demonstrate the capacity to test, criticise and question the ways governments tackle national challenges, by taking a wider, Europe-wide view informed by good practice from public-private consortia, experience and piloting. Often such projects involve the evidence of small countries with pioneering experience of eGovernment. Below are some EC, national and regional projects from which other states and their regions can benefit in shaping their own domestic eGovernment programmes:

  • the Burgerkarte and successful eGovernment projects of Austria
  • the eJustice EC project (2004-6), and eJustice programme piloted again by Austria
  • secure eVoting in Estonia
  • The FIDIS project and its implications for biometric identification
  • the SecurEgov project into security for pan-European interoperability systems
  • the Challenge project examining implications for eGovernance on traditional democratic institutions and procedures
  • the eGovernet Project led by Sweden into eGovernment Research in the EU
  • the recently launched STORK project into eID
  • the R4eGov Integrated Project into secure eGovernment data exchange interoperability at scale between member states and agencies
  • the Hadrian project in the North East Region of England, a private-public partnership approach to restoring trust in ICT-led business and bureaucracy

Controlling Technology, Renewing Democracy

This book addresses how we can meet some of the challenges mentioned above by using technology to create and sustain alliances within trust-based collaborative structures. Understanding the tools available, and how we can better harness them for such tasks means that much of this volume addresses the technical sphere. For this, no apologies, because it is only with better instruments, those which already exist and also those we need to invent, that we can advance the trusted agenda of the eGoverned. The Internet has created wealth, mobilities, and opportunities for work, leisure and learning at an unparalleled scale. It has also spawned a rash of global threats and intrusions into our everyday lives, creating apprehension and insecurity. Research which can help decision-makers and governments to learn, constantly, how best to build collaborative trust between themselves and their citizens or clients is one important pillar in rebuilding trust in the Internet age. And it is not just trust in the process of data management which is at stake, but trust in the clear and stated ability and resolve of democracies to master for its peoples their entitlement to the widened, secure, and better life offered by the Information Age.

    Andrew Robinson, European Consular and Commercial Office, UK

Author(s)/Editor(s) Biography

Jean-Marc Seigneur is assistant professor at the Université de Genève, Switzerland. His main research topic is computational trust and reputation management. He is also chief research officer of Venyo, which is a leading company in online reputation services. He has co-authored more than 45 scientific publications and worked on many multi-million-euro R&D projects funded by the European Union.

Adam Slagell is a senior security engineer at the National Center for Supercomputing Applications (NCSA) at the University of Illinois where he leads the LAIM (Log Anonymization and Information Management) working group as the National Science Foundation (NSF) PI on a grant investigating effects of log anonymization on security, privacy, and usability. He is also the security architect and policy developer for the Blue Waters petascale computing project to build the world's fastest supercomputer in 2011. Mr. Slagell has worked on collaboration between the NCSA and the FBI, served as a co-chair of the SECOVAL workshop, and been a reviewer for IEEE journals and the NSF. His research interests and past projects include work in security visualization, applied cryptography, secure group communication, secure e-mail list services, digital forensics, honeypots, risk analysis, and intrusion detection.