Attacks on the confidentiality and integrity of data are becoming more frequent and more complex. For years, malware, especially viruses and Trojan horses that exploit vulnerabilities in user software, has been created at limited expense. In this way, a criminal "industry" has emerged. In addition, recent years have seen attacks in which the effort spent on a target amounted to several person-years, apparently carried out by actors with sufficient funds and insider knowledge of the software. Last but not least, it is feared that the international value chain of hardware and software will lead to a situation where hidden functions could be added in many places. Consequently, we have to be alert to further sophisticated, unprecedented attacks on data. These attacks put the general functioning of computers and of the internet at issue, especially when critical data such as confidential business data, banking data, health information, or data in energy infrastructures is affected.
This project analyzes which options are available for providing security against attacks on the confidentiality and integrity of data. The analysis focuses on procedures for isolating applications of different kinds (proprietary, private, sensitive, dangerous, etc.). The options are to be worked out taking into account existing products as well as approaches currently being studied by IT researchers. These options will be subjected to SWOT analyses (strengths, weaknesses, opportunities, threats) against criteria such as types of threats, costs of measures, remaining risks, etc. Finally, implementation issues will be addressed and solutions will be developed. These proposals will be fed into the public and political discussion of the technical options.
More information on the subject
From the project
Weber, A.; Pomper, A.
Blick in die Zukunft der Virtualisierung. Funkschau (2013) 17, pp. 32-33
Protecting eGovernment Against Attacks, Sydney 2013 (White Paper)
Gernot Heiser wrote this White Paper for the European Parliament's STOA project Security of eGovernment Systems. The paper addresses the use of provably secure software for securing eGovernment systems and sets out political courses of action. These considerations can be applied to other fields of application.