Evolving communications paradigms and Security
Karen Sollins
MIT CSAIL
January 23, 2007

Overview: pulling on several threads
• Evolving communications paradigms
• Evolving social model
• Evolving security challenge

Communications: E2E
• Point-to-point
• Letters/email
• Telephones
• TCP connections
• Broadcast/multicast
• Print media - underneath 1:1
• Radio/TV
• IP multicast
• From source to destination: some direct, some store-and-forward (e.g. intermediate servers)

Client/server: mostly E2E
• Remote invocation of specific server
• Distribution of “server”: clusters, load balancing, even some P2P systems (collaborating servers)
• P2P systems: each element can be both client and server

Intermediated communication: losing E2E
• Middle boxes
• Forwarding (e.g. home for mobiles)
• Firewall
• Caching
• Rendezvous (e.g. for multimedia conferencing)
• Beginning to break direct, realtime communication

It’s the content
• WWW and URLs
• Time and space separation
• Not a question of when (realtime, etc.)
• Not a question of where
• Question of what
• Identification
• Search
• Pub/sub
• Specification of what something is
• Specification of interest or subscription
• Current examples: social networking, news subscription services, …

Key components
• Information
• (Set of) Publishers
• (Set of) Subscribers
• Attributes: how to publish or subscribe
• Policies: (publisher, {attributes}) or (subscriber, {attributes})
• Trust model
Note: Can be simplified to achieve any of the other models, subsumes them.

The evolving social model: Trust and security
• Letter-writing: recognize handwriting
• Telephone: recognize voice
• Email: recognize email address
• TCP: recognize IP address
• Trust based on
• Confidence in unmodified delivery
• Confidence in correctness of source

And along came… (in the Internet)
• Forgeable email addresses
• Forgeable IP addresses
• The Morris worm
• Viruses and other malware
• Business opportunities
• Enterprise and other organizational controls
• ISPs
• …
Note: not all “bad”, just competing objectives

Tussle: competing concerns
• Question: why do we care?
• Sharing
• Cooperation
• Exposed contention
• Question: can we design for it?
• Question: is it monolithic?
• Economics
• Security
• Social status
• …
• Question: where are the control points?
• Regulation
• Specification
• Design/implementation
• Operation

Security challenge: Trust model
• Not universal: regional, topical, … context (e.g. Nissenbaum, social networks)
• Not binary or pairwise: scalable, commutative, … value-based, community-based
• Not immutable: evaluatable, assignable
Consider: if assignable, must have ability to assign “to something”. Therefore require appropriately defined identities.

Advertisement (disclaimer here)
The Security and Privacy Working Group: current agenda
To explore the nature of identity required in an information-based communications paradigm, as a basis for examining the nature and capabilities required for trust and security