Security for Safe, Open and Amicable Digital World

A vast number of social, economic, political, cultural, scientific, educational and even entertaining services, which are essential to the contemporary society, are either already or are going to be created on line. The omnipresent local, national or global digital systems that generate a transcendent service space depend on technologies, policies, regulatory settings, economic and political interests, social relevance, human knowledge and boredom. Obviously, in these highly dynamic environments quite often termed as digital societies, “where everything is a service and service is everything”, the design, implementation, adoption and use of secure, resilient, privacy aware and trustworthy technological and social infrastructure, simply means a difference between a functioning and a non-functioning world.

With information services being ubiquitous, mobility implied, and availability assumed, information accountability and responsibility, as well as transparency are vital attributes of the comprehensive approach to the research in security, privacy, trust, and assurance. The work draws on general systems (both artificial and living) theory, psychology and sociology of communication, various management concepts, decision and risk analysis, algorithms for manipulating large volumes of data, software engineering, design and implementation of resilient and reliable e-Infrastructures including Internet of things and clouds, producing and preserving the integrity of digital evidence to keep the digital world safe and amicable, and preparing for the challenges such as any Internet scale events, that include massive distributed cyber attacks, black-outs and dark nets.

The changed expectations of digital services by consumers, producers, and providers posit the need for additional and novel paradigms to be included and eventually extended the traditional realm of what is understood under all-encompassing approach.

Some of these services have seen a slow rate of adoption due to legitimate concerns about privacy and security, which again reiterates the importance of these areas and their blend with socio-psychological demands.

In addition, the research should discover models for identifying and analyzing digital evidence, and protocols for digital forensics that will enforce the salient features of accountability and yet protect privacy from various sources of data mining activities that should undeniably be subject to legal framework. Moreover, the emergence of Internet and network forensics should produce procedures and tools that work beyond discovery of irregularities. In other words, they should create systems for real time control of security and privacy that should increase the overall resilience and trustworthiness of the information space.

The present state of the e-Infrastructures, with mobility and ubiquity induced from connecting small scale digital devices (SSDD) that along with the affordances of IPv6 address space provide conditions for presence in the cyberspace of each entity that we are aware of and creates the space termed as “Internet of Things”. This has necessitated the modification of the services architecture including cloud and utility infrastructures that include elements of self-configuration with an increasing potential for autonomous behavior. In this context, secure system design, verification and validation encompassed by a number of standards is still a daunting task since it involves the merger of various protection mechanisms in conjunction with system security policy and configurations.

All of this makes the modern organizations somewhat without traditional boarders as novel structures emerge. Traditionally risk and security management has been founded on fairly simple models where anticipated annual losses from ICT security risks have been evaluated towards costs incurred by protection efforts. The emerging environments and circumstances call for widening the perspectives and introducing innovative frameworks and standards including aligning them with existing ones. Financial and legal aspects need to be incorporated as well.

Good systems security requires constant vigilance by aware and knowledgeable users. There are a number of interdependencies between the success of the security systems and how knowledge and awareness of security solutions and problems are maintained and developed in an arbitrary system. Research within this area is directed towards modeling and measuring how security awareness and knowledge is and can be best managed in a system.

Applied social technical analysis and modeling attempts to model both the static and dynamic IT systems security. The static characteristics are seen as a layered framework of social and technical security measures. The dynamics of IT systems security are captured by applying this layered framework to the problem of secure communication both within and between cooperating and attacking systems. Being both technical and social makes the tools developed in the research multidisciplinary.