Security and Privacy in Computer-based Systems
This Activity runs from January 2002 - August 2005 . Progress Update
Security is a critical aspect of dependable systems. Work in information assurance has traditionally been dominated by the government/military sector, and has concentrated on the technological aspects. As a result, it is not necessarily appropriate to the societal and interdisciplinary requirements that are the focus of DIRC. Traditional security policies typically either allow or forbid information flow along certain channels, between certain domains. However, it may often be necessary to allow partial information flows, for example to release statistical data, render data anonymous, etc. In the healthcare context, there is also the problem of dealing with the potentially conflicting interests of several stakeholders: patients, clinicians, researchers, administrators, insurers, law-enforcement, etc. This again contrasts with traditional models in which, typically, policies are centrally enforced.
Security must be cost-effective and not impede system usability. Absolute security is not feasible and we must acknowledge that systems will be vulnerable to intrusion. Our systems must therefore use a combination of prevention, detection, correction, and auditing.We will seek to clarify the human role, both positive and negative, in the security of the system. This will involve investigating human security failure modes and the psychological and sociological factors influencing the different people involved, including attackers. Find out more about the objectives of this activity.
We welcome collaboration with industrial partners and users. We are interested in helping people design devices that meets the wider needs of society, and in the problems that people have in using technology. Collaboration can take several forms, from meetings to discuss particular issues, to working together on funded projects. If you are interested in collaborating with us please contact the Activity Manager in the first instance.
A list of publications associated with this Activity is available.
The projects listed below are related to this Activity.
There is possible interaction with the Global Grid Forum , in particular the DataGRID project and the Grid Forum Security area. We will investigate the applicability of research in this area to banking. We are in contact with QinetiQ and DSTL.
|Page Maintainer: firstname.lastname@example.org||Credits||Project Members only||Last Modified: 11 August, 2005|