Second EU-US Workshop on Secure, Dependable and Trusted ICT Infrastructures

by Jim Clarke and Thomas Skordas

The 2nd EU-US research workshop on "Cyber Trust: System Dependability and Security" was held in Illinois, USA, in April 2007. This article presents the themes discussed and the main workshop conclusions.

The second EU-US research workshop on "Cyber Trust: System Dependability and Security" was held in Illinois, USA, on 26-27 April 2007. It was attended by 40 delegates from the EU and the US, along with a few representatives from Canada, Australia and Japan. The event was organised and hosted by the University of Illinois in close co-operation with the US National Science Foundation (NSF), the US Department of Homeland Security (DHS) and the "Security" unit of the European Commission's Directorate General Information Society and Media.

The workshop aimed to ensure progressive continuity of the consensus building achieved at the first workshop on the same subject, held in November 2006 in Dublin, Ireland (see related article in ERCIM News No 69 of April 2007). The guiding principle was to identify and develop further those research areas that require and will benefit from international collaboration, while examining the structures and mechanisms that could potentially enable and fund the proposed work.

The workshop was structured around two main technical themes: (1) "Architectures, Protocols and Environments for Trust, Security and Dependability (TSD) of future Polymorphic Networked ICT Systems"; and (2) "TSD Attributes and Mechanisms for future Distributed Services and Content, future Overlay Networks and Applications". A transversal topic was also introduced across these two technical themes, covering "Test beds, data sets, and models for quantification, evaluation and validation".

At the workshop, there was broad agreement that the current EU-US cooperation was necessary and should be further elaborated.
The workshop also made it possible to draft a joint list of research topics relevant for international cooperation and stimulated further discussion on how this could be implemented. The main workshop conclusions are summarised below:

1. Architectures, Protocols and Environments for TSD of future Polymorphic Networked ICT Systems
2. TSD Attributes and Mechanisms for future Distributed Services and Content, future Overlay Networks and Applications
3. Test-beds, Data Sets, and Models for Quantification (Metrics), Evaluation (Techniques) and Validation (Processes)

The following topics were debated in both the above sessions:

Consumer issues: These include the need to build mechanisms that guarantee privacy, traceability, anonymisation and the use of pseudonyms for legitimate users, while at the same time making it possible to locate, track and trace malevolent users at individual, group or organisation levels. A new security paradigm needs to be defined that strikes a reasonable balance between a ‘Big Brother Society’ and a society that builds confidence and protects privacy and ethics. Establishing society’s confidence in the new digital world would require creating a palpable security environment that enables citizens to control the type and level of protection associated with the digital goods and services they have access to. It would also require developing trust, security and dependability technologies that are unobtrusively and transparently integrated into daily life, rather than becoming a source of potential problems and nuisance, as they are often perceived today.

Emerging Global Risks: Digital systems evolve, but the threats and types of attacks also change continuously. There is thus a need to permanently survey and identify new attacks, to monitor potential network and service vulnerabilities and to look for new emerging risks. Examples of such risks at the global level include excessive disclosure of private information, bullying, identity theft and squatting, and predators masquerading.

International Test-beds and Datasets: Ways to interconnect test-beds should be explored, including the connection of test-beds that were developed as standalone facilities by the different countries. Such test-beds would make it possible to share data sets and carry out validation in a co-ordinated manner, internationally. Cooperation can be established on various levels: means and results, approaches, infrastructures, software and data. The problem is how to federate such test-beds, taking into account cross-testing, mobility aspects and security policies as users move in and out of different environments. Additional problems to address in order to enable the sharing and exchange of data and information relate to intellectual property, interoperable data formats in repositories, the “diluted glory” factor, confidentiality or the reproducibility of experiments. Two specific examples of future test-beds were discussed: a test-bed on international application and software services, which could be built on top of GENI with a number of application-level experiments, and a test-bed for wireless or sensor networks.

Mechanisms for International Collaboration: Participants also discussed mechanisms that EU and US funding agencies could make available to assist the continued international collaboration. These included the establishment of a co-ordination type project that could act as a catalyst to facilitate, drive and set up future activities in a systematic fashion. Ideas for additional international projects included dynamic service coalitions, privacy, and legal considerations for global cyber-security involving all relevant stakeholders (technologists from academia and industry, policy makers, legal experts and consumers). A number of realistic cooperation mechanisms based upon existing programmes in each country were also presented by representatives of the European Commission, NSF and DHS.
The Japan Science and Technology Agency and Australian NICTA have indicated a willingness to run a parallel programme that could work alongside the EU and US efforts.

Links:
Workshop report:
1st EU-US workshop report on Cyber Trust:

Please contact:
Thomas Skordas, European Commission








