Computer security by isolation
- Project team: Weber, Arnd (Project leader)
- Start date: 2012
- Research group: Innovation processes and impacts of technology
Project description
Attacks on the confidentiality and the integrity of data are happening more frequently and becoming more complex. For years, especially malware like viruses and Trojan horses that have exploited the vulnerabilities of user software have been created on a limited expense. In this way, a criminal "industry" was created. Additionally, in the last years, attacks have been observed where targets were attacked with an expense of several person years, apparently, performed by actors with sufficient funds and insider knowledge of the software. Last but not least, it is feared that the international value chain of hard- and software will lead to a situation where hidden functions could be added in many places. Consequently, we have to be alert to additional sophisticated unprecedented attacks on data. These attacks are an issue regarding the general function of computers and of the internet, especially when critical data like confidential business data, banking, health information, or data in energy infrastructures is affected.
In this project, it is analyzed what options there are available for the provision of security regarding attacks on the confidentiality and the integrity of data. The focus of the analysis lies on procedures for the isolation of applications of different quality (proprietary, private, sensitive, dangerous, etc.). In the project, options are meant to be worked out taking into account already existing products and approaches that are being analyzed by IT-researchers. These options will be made subject to SWOT-analyses (strengths, weaknesses, opportunities, threats) regarding different criteria such as types of threats, costs of measures, remaining risks, etc. Finally, implementation issues will be addressed and solutions will be developed. These proposals will be fed to public and political discussions on the technical options.
More information on the subject
From the project
Weber, A.; Pomper, A.
Blick in die Zukunft der Virtualisierung. Funkschau (2013)17, S. 32-33
Volltext/pdf
Weber, A.; Weber, D.
Verifizierte Virtualisierung für mehr Sicherheit und Komfort. DuD-Datenschutz und Datensicherheit (2012)1, S. 43-47
Volltext/pdf full text/pdf
Complementary: Video from the EU project Open Trusted Computing
Additional information
Heiser, G.
Protecting eGovernment Against Attacks, Sydney 2013 (White Paper)
full text
Gernot Heiser has written this White Paper for the European Parliament's STOA project Security of eGovernment Systems. The paper addresses the use of provably secure software for securing eGovernment systems and names political courses of action. These considerations are adaptable to other fields of application.
Publications
Spione im Rechner: Der Weg zu sicheren Computern
2016. Nacht der Wissenschaft am KIT (2016), Karlsruhe, Germany, January 29–30, 2016
Governance kritischer Informationstechnik in offenen Netzen. Wege zu Sicherheit ohne Lücken und Hintertüren
2015. Responsible Innovation : Neue Impulse für die Technikfolgenabschätzung? Hrsg.: A. Bogner, 151–164, Nomos Verlagsgesellschaft
Der Verlust von Datensicherheit und Innovativität. Positionen etablierter Wissenschaftler im “Neuland”
2015. Technikfolgenabschätzung, Theorie und Praxis, 24 (1), 98–102, Oekom Verlag. doi:10.14512/tatup.24.1.98
Policy actions for securing computers
2014. 18th ISA World Congress of Sociology, Yokohama, J, July 13-19, 2014
Protecting confidentiality. Regulation as a tool for securing computing environments
2014. 20th International Telecommunications Society (ITS) Biennial Conference, Rio de Janeiro, BR, November 30 - December 3, 2014
Disruptive competition vs. single standard. The role of risk-averse investors in the decline of the European computer and handset industries
2014. 20th International Telecommunications Society (ITS) Biennial Conference, Rio de Janeiro, BR, November 30 - December 3, 2014
Governance sicherer Informationstechnik in offenen Netzen
2014. 6. Konferenz des Netzwerks Technikfolgenabschätzung (NTA) und 14. Technikfolgenabschätzung (TA) Jahreskonferenz des Instituts für Technikfolgen-Abschätzung, Wien, A, 2.-4. Juni 2014
Pfade zu sicherer Informationstechnik in offenen Netzen
2013. 13. Österreichische Konferenz der Technikfolgenabschätzung zum Thema Sicherheit als Technik, Wien, A, 3. Juni 2013
Governing the transition to secure computers for controlling energy systems
2013. Energy Systems in Transition: Inter- and Transdisciplinary Contributions, Karlsruhe, October 9-11, 2013