At ASECOLab we try to solve some problems of security and economics in cyber space. Security and economics are, of course, two sides of the same coin: wealth comes with security, security with wealth. In the early days of computing, the problems of security and economics were tackled separately; but it is becoming increasingly clear again that many security vulnerabilities cannot be solved without an economic analysis, and that many economic problems require security solutions.
There are already many different approaches and directions in security. Why seek new ones? Security is one of the driving forces of history: both war and diplomacy are efforts towards attaining security goals. With the advent of computers and their spreading through our work and life, computer security came into focus, as a new family of engineering problems. A new family of security solutions emerged from modern cryptography, based on the capabilities and the limitations of computers. Diffie and Hellman’s paper New directions in cryptography is often mentioned as the inception point of the revolution that produced the cryptographic tools of computer security. But as computers joined into networks, cyber security emerged as a new problem area, where the old solutions didn’t seem to apply. Resolving the problems of cyber security seems to require a paradigm shift, akin to the one brought forth in cryptography by Diffie and Hellman’s ’New directions’. We are thus looking for new directions in cyber security . Tables 1 and 2 provide a crude overview of the paradigmatic shifts in computation and in security.
Table 1: Paradigms of Computation
|age||ancient times||middle ages||modern times|
|applications||Quicksort, compilers||enterprise systems||WWW, botnets|
|requirements||correctness, termination||liveness, safety||trust, privacy|
|tools||programming languages||specification languages||scripting language|
Table 2: Paradigms of Security
|age||middle ages||modern times||postmodern times|
|space||computer center||cyber space||cyber-social-physical space|
|assets||computing resources||information||public and private resources|
|requirements||availability, authorization||confidentiality, integrity||trust, privacy|
|tools||locks, tokens, passwords||cryptography, protocols||mining and classification|