Regional Security through Data Protection

Abstract

Autor: Boris Dragovic, Boris.Dragovic@cl.cam.ac.uk

Systems Research Group
Computer Laboratory
University of Cambridge

Title: Ubiquitous Systems Security

Abstract: The advent of Ubiquitous Computing era represents another big shift after the transition from mainframes to personal computers. The Ubiquitous World is characterized by always-on, always available, computing embedded in the environment and indistinguishable from it. We are at the stage at which the use of mobile phones, personal digital assistants and laptops is almost indispensable in our every-day business and private lives. Increased mobility and availability of data on-the-move has major implications for success of our businesses and growth and competitiveness of our economy. However, the complex nature of emerging systems makes the task of ensuring security and privacy of vital data one of the toughest challenges yet to face, both in technically and financially.

In this talk I shall first shortly outline some main characteristics of the Ubiquitous systems. Then, I will go on to argue that Ubiquitous systems break enterprise security boundaries and that the notion of a security perimeter, in a way in which we used to think about it, fades away. I shall approach this by comparing the current strategies employed for data security and privacy protection, through their requirements and characteristics, to the requirements we face in the Ubiquitous world and outlining the key differences and some common misconceptions.

In the end, I will shortly present project CASPEr (Containment Aware Security for Pervasive Environments), project I am leading at the University of Cambridge Computer Laboratory. CASPEr is aimed proactive data security and privacy protection in Ubiquitous environments. It focuses on maximizing data availability while protecting its security and privacy through recognizing specific threats inherent in different contexts, expressed through versatile security policy, and mitigating them through a set of proactive data format management actions. I shall also discuss how the new paradigm relates to the issues raised previously and how it fits into overall data security and privacy protection strategy needed for a successful economy and high quality of life in the new era.