EU-US Summit Series on Cyber Trust: System Dependability & Security

The first workshop of the EU / US Summit Series on Cyber Trust: System Dependability & Security was held in, Dublin, Ireland on 15th and 16th November, 2006. The workshop was attended by 60 delegates (25 US, 31 EU, 1 from Canada, 1 from Australia and 1 from Japan). This event was co-organised and hosted by Waterford Institute of Technology (WIT), the project co-ordinator of the Co-ordination Action SecurIST project and also co-organised by the US National Science Foundation (NSF), Department of Homeland Security (DHS), University of Illinois, and the European Commission Unit D4 ICT for Trust and Security.

Cyber Trust Summit Organising Committee; Michel Riguidel (ENST), David Du (NSF), Jacques Bus (EC), Thomas Skordas (EC), Karl Levitt (NSF), William Donnelly ( Waterford IT), William Sanders ( Univ. of Illinois) and Brian Randell ( Univ. of Newc astle ).

The aim of this workshop, and a planned subsequent workshop to be held in Illinois in April/May 2007, was to gain a shared understanding of priority critical issues and promising dependability and security research directions, and to foster collaboration between EU and US research teams.

The organising committee of the workshop developed the programme around the following themes within Trust, Security and Dependability (TSD) of future networked systems including: Architecture and design issues, scalability and context awareness, security and privacy in dynamic wireless networks, evaluation modelling and approaches and future testbeds.

The workshop discussions and conclusions identified and initiated ideas for joint actions. In particular, some of these challenges include:-

• Architecture and design issues for TSD of Future Networked Systems including new attributes for next generation systems enabling digital convergence. The need for a Multi- mode (“Fluid”) Environment (MME) or dynamic networked environment approach for TSD systems, application aware/application specific trusted computed platforms, and long term cryptology challenges. The need for s
• calability and context-awareness challenges including large scale routing strategies, the need for better realistic abstractions for scalability, security in context to include all levels – infrastructure, applications, services and human processes, citizen empowerment i.e. giving the citizen the control and awareness of TSD to enable trust and the need for automated fault detection and remediation on a massive scale;
• Security and Privacy in dynamic wireless networks challenges including risk management approaches, control, configuration, and usage of ubiquitous devices, security infrastructures, security evaluation techniques and threat models, trust management while giving user more control over their risk levels and adaptable context, and u sability of security systems, especially in complex heterogeneous sensor systems;
• Modelling, simulation, predictive evaluation, assurance cases for evaluating the TSD of networked systems including semantic learning and understanding, using economic theory and security evaluation to make multi-objective trade-off decisions, systems to enable involvement of all stakeholders (corporate, policy makers and end users) determining accurate, quantifiable TSD metrics and models to quantify and analyse the business case and adversary attacks probability;
• Monitoring, operational assessment, auditing for e valuating the TSD of Networked Systems including network information sharing techniques at all levels (including a ttacks observed, keystrokes of users, network traffic capture in an anonymous fashion and others), overcoming barriers to information sharing, and the need for network data sharing model to include strong education element;
• Establishment of interconnected and/or common test-beds constituting existing or future international large-scale experimental facilities for supporting the testing and evaluation of new dependability and security architectures, technologies, protocols, privacy protection mechanisms, etc., together with support towards global standards. It was felt that this could lead to a significant increase in the extent and effectiveness of transatlantic co-operation in this research domain. One area of potential collaboration discussed was a future test-bed for software and services to allow experimentation at the application and services level. It was felt that such a facility would enable other classifications of users, who ordinarily would find it very difficult or even impossible to set up their own application and service provisioning environments, e.g., Academia and SMEs, to effectively try out their ideas in these environments without the overhead, time, expense and skill base required in setting up the required underlying infrastructure from scratch. Therefore, a test-bed of this kind that allows realistic experiments to be run would open up valuable opportunities for these parties to venture into service-oriented solutions.

All presentations and position papers are available on www.securitytaskforce.eu

A workshop report will be published by the end of January 2007 and will be available on the website.