Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • MMasera Presentation Delft June27

    Enviado por

    gigi
    19 visualizações16 páginas
    dada

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    dada

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    19 visualizações16 páginas

    MMasera Presentation Delft June27

    Enviado por

    gigi
    dada

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 16

    Trust and vulnerabilities in the

    Information Infrastructure

    Marcelo Masera, Marc Wilikens

    Joint Research Centre Institute for the Protection


    European Commission and Security of the Citizen

    Innovations for an ee-Society


    -Society
    Challenges for Technology Assessment
    Berlin, 18 October 2001
    Overview

    • The Information Infrastructure


    • Information assets
    • Risk and trust
    • Cases:
    – Health care sector
    – Electric power sector

    18 October 2001 JRC - Cybersecurity Group 2


    The citizen and the e -Society
    e-Society

    PC (home, work) e-Commerce


    Mobile phone Health care
    PDA Utilities
    Internet kiosks Government
    Smart home Bank & insurance
    Car …

    Computing + Non-linear
    communication + Tightly coupled
    organisational systems Most complex
    machine ever built

    18 October 2001 JRC - Cybersecurity Group 3


    The information infrastructure
    Emerging “public utility”
    – Internet + Public Telephone Networks (fixed and mobile) + …

    Characteristics:
    – Behaves as single system, but multiple owners
    – Multi-jurisdictional, heterogeneous, unbounded
    – Topologically and technologically evolving

    18 October 2001 JRC - Cybersecurity Group 4


    The layered model
    User
    Sector
    Value-added services specific
    Generic end-user services applications

    Network management services Information


    Information
    Network Basic network services Infrastructure
    Infrastructure
    Data transmission Local access

    But, the services provided by the information


    infrastructure are not assured…
    And it is subject to failures and malicious attacks
    18 October 2001 JRC - Cybersecurity Group 5
    The infrastructure today
    • The infrastructure is fault-ridden & vulnerable
    • Developers interested on cost and time-to-market
    • Operators don’t consider the effects of service disruptions
    • Nobody is concerned with overall security, safety or reliability

    • Features
    – Availability, timeliness, bandwidth: best effort
    – Integrity, confidentiality: application-level solutions

    – Service level agreements: not standard yet

    18 October 2001 JRC - Cybersecurity Group 6


    Why be concerned?

    Information assets Î value Î potential damage

    Thus, the main issue is Risk

    But benefits and risks for all stakeholders


    are not obvious
    for developers, operators and users

    18 October 2001 JRC - Cybersecurity Group 7


    Information assets
    • Not just raw data From
    undefined
    item

    • But information that


    needs to be assured
    – Contents To assured
    product
    – Assurance marks:
    • Univocal identification
    • Life-cycle events
    • Trust properties

    18 October 2001 JRC - Cybersecurity Group 8


    User requirements
    Users
    – rely on many actors, the majority unknown
    – have specific requirements

    Functionality
    • Data transfer and services
    Quality features
    • Availability: capabilities, services, data
    • Integrity: data transmission, data handling
    • Confidentiality: for all actors (source, user, intermediaries)
    • Timeliness: end-to-end service timing
    • Capability: throughput, reliability

    Plus privacy!

    18 October 2001 JRC - Cybersecurity Group 9


    Trust
    Reliance requires Trust

    Networks give rise to


    chains of trust

    Structured along
    Trust constituencies

    Policies Filters & permits Protocols


    Supported by a Distributed Certificates
    Trust infrastructure security PKI

    Trust management services

    18 October 2001 JRC - Cybersecurity Group 10


    Who should be concerned?
    It is about managing risks
    at different levels: individual, national, international

    Users:
    Peer-to-peer
    – Should solve the equation trust engagement
    trust risk
    rights and obligations
    for specific assets in a given situation
    Countries:
    – Should assure each national critical infrastructure
    Social trust
    …and their interactions

    18 October 2001 JRC - Cybersecurity Group 11


    Health care case study
    Project DRIVE (IST 12040)

    Hospital
    Clinical Internal Clinical support
    ICT
    Administrative Logistics

    Information
    infrastructure

    Public health authorities Drug supplier


    Internal Internal
    ICT ICT

    18 October 2001 JRC - Cybersecurity Group 12


    Health care case study
    Patient
    record Drug
    Hospital record
    Clinical TC
    Clinical Internal Clinical support
    ICTHospital TC
    Administrative Logistics
    Anonymous
    Drug supply
    Patient Information TC
    record infrastructure
    Product
    Health surveillance
    record
    Public TC
    health authorities Drug supplier
    Internal Internal
    ICT ICT

    TC: Trust constituency


    18 October 2001 JRC - Cybersecurity Group 13
    Electric power sector case
    Generation Power plant Internal Power market agency
    company DSC / SCADA ICT
    ICT

    Transmission system operator


    Power lines SCADA
    Information
    Internal infrastructure
    ICT

    Distribution company
    LV lines SCADA ICT
    RTU
    Internal
    ICT End customer

    18 October 2001 JRC - Cybersecurity Group 14


    Electric power sector case
    Production
    Generation record Internal Power market
    Power plant
    Energy production Energy price agency
    company TCDSC / SCADA ICT record ICT

    Energy network
    Transmission system operator TC
    Transmission
    Power lines SCADA
    record Information
    Internal Energy market
    infrastructure
    ICT TC
    Energy distribution
    Distribution company Energy
    TC
    LV lines SCADA consumption
    RTU
    record ICT
    Internal
    ICT End customer

    TC: Trust constituency


    18 October 2001 JRC - Cybersecurity Group 15
    Conclusions
    Need to conceive
    Trust
    for a “networked” society

    – Develop concepts and technologies


    e.g. from “fortress/Maginot” to “networked” security

    – Determine responsibilities and social functions


    e.g. new private-public partnership

    18 October 2001 JRC - Cybersecurity Group 16

    Você também pode gostar