
Security and Privacy in Computer-based Systems (PA6)

Security is a critical aspect of dependable systems. Work in information assurance has traditionally been dominated by the government/military sector, and has concentrated on the technological aspects. As a result, it is not necessarily appropriate to the societal and interdisciplinary requirements that are the focus of DIRC.

Traditional security policies typically either allow or forbid information flow along certain channels, between certain domains. However, it may often be necessary to allow partial information flows, for example to release statistical data, render data anonymous, etc. In the healthcare context, there is also the problem of dealing with the potentially conflicting interests of several stakeholders: patients, clinicians, researchers, administrators, insurers, law-enforcement, etc. This again contrasts with traditional models in which, typically, policies are centrally enforced.
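As an added illustration (not part of the DIRC page, and not DIRC's own code) of the contrast drawn above, the Python below places a traditional all-or-nothing channel policy beside two partial-flow releases: a statistical release that publishes only per-group counts and suppresses small groups, and an anonymised release that drops direct identifiers and generalises ages into bands. The patient records, the policy table, the stakeholder names and the minimum group size are all constructed for the example.

```python
"""Added example: all-or-nothing flow control versus partial information flows.

The records, policy table and thresholds below are constructed for illustration;
they are not data or policy from any real system.
"""
from collections import Counter

# Constructed sample records (hypothetical patients, no real people).
RECORDS = [
    {"patient_id": "P001", "ward": "A", "diagnosis": "flu",      "age": 34},
    {"patient_id": "P002", "ward": "A", "diagnosis": "flu",      "age": 41},
    {"patient_id": "P003", "ward": "A", "diagnosis": "asthma",   "age": 29},
    {"patient_id": "P004", "ward": "B", "diagnosis": "flu",      "age": 67},
    {"patient_id": "P005", "ward": "B", "diagnosis": "diabetes", "age": 58},
    {"patient_id": "P006", "ward": "B", "diagnosis": "flu",      "age": 72},
    {"patient_id": "P007", "ward": "C", "diagnosis": "asthma",   "age": 8},
]


class FlowDenied(Exception):
    """Raised when a requested information flow is forbidden by policy."""


# Traditional policy: each (source domain, destination domain) channel is
# either allowed in full or forbidden in full. Stakeholder names are assumed.
BINARY_POLICY = {
    ("clinical_records", "clinician"): True,
    ("clinical_records", "researcher"): False,
}


def binary_release(records, source, destination):
    """Release the complete record set if, and only if, the channel is allowed."""
    if not BINARY_POLICY.get((source, destination), False):
        raise FlowDenied(f"flow {source} -> {destination} is forbidden")
    return list(records)


def statistical_release(records, group_by, min_group_size):
    """Partial flow: release only a count per group, suppressing any group
    smaller than min_group_size so that no count identifies an individual.

    Returns (released_counts, suppressed_group_names).
    """
    counts = Counter(r[group_by] for r in records)
    released = {g: n for g, n in counts.items() if n >= min_group_size}
    suppressed = sorted(g for g, n in counts.items() if n < min_group_size)
    return released, suppressed


def age_band(age, width=20):
    """Generalise an exact age into a band such as '20-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def anonymised_release(records):
    """Partial flow: drop the direct identifier and generalise the age field."""
    return [
        {"ward": r["ward"], "diagnosis": r["diagnosis"], "age_band": age_band(r["age"])}
        for r in records
    ]


def researcher_access(records, min_group_size=3):
    """What a researcher can obtain: the raw channel is refused, but the
    statistical and anonymised partial flows are permitted."""
    try:
        binary_release(records, "clinical_records", "researcher")
        raw_allowed = True
    except FlowDenied:
        raw_allowed = False
    by_diagnosis, suppressed = statistical_release(records, "diagnosis", min_group_size)
    return {
        "raw_allowed": raw_allowed,
        "by_diagnosis": by_diagnosis,
        "suppressed": suppressed,
        "anonymised_rows": len(anonymised_release(records)),
    }


if __name__ == "__main__":
    print(researcher_access(RECORDS))
```

Small-group suppression on a single query is only the starting point: two overlapping statistical queries can be differenced to recover a suppressed cell, which is one reason partial flows are harder to specify and audit than the allow/forbid policies the passage contrasts them with.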

Security must be cost-effective and not impede system usability. Absolute security is not feasible and we must acknowledge that systems will be vulnerable to intrusion. Our systems must therefore use a combination of prevention, detection, correction, and auditing.

We will seek to clarify the human role, both positive and negative, in the security of the system. This will involve investigating human security failure modes and the psychological and sociological factors influencing the different people involved, including attackers.

The Laprie/Randell dependability model will be enhanced to take into account the malicious, non-stochastic nature of threat. As it appears to be impossible to assign meaningful probabilities to the occurrence of attacks, other measures of system robustness against attack, such as adversary time and effort, may need to be found.

A promising avenue is the role of diversity in security. Used effectively it can, for example, support assumptions underlying threshold schemes. Used poorly it can expose the system to attack against the weakest link. Diversity is double-edged: adversaries may also seek to exploit diversity.