Let’s have a wee
chat about…
Trust (and Security)
Stephen Marsh
stephen.marsh@uoit.ca
www.stephenmarsh.ca
@smarsh2008
(25 minutes to change the world? It just might work)
Why Are We Here?
“… we would like to frame the discussion around a
more optimistic outlook trying to imagine what
cybersecurity might look like ten years down the road if
technologies, norms and policies align to produce a
liberal, healthy and resilient digital ecosystem …”
Steve's First Rule of Computing
Computing is about...
and for...
People
(that's us)
Points to remember
This is the case now
This will be the case in the future
Well, isn’t this timely
“The Internet-based economy has a bright future, provided that key
conditions are in place, such as trust, education, and the right policy
frameworks to promote participation, innovation, trade, competition and
investment.”
“Innovation and economic growth will depend on various
factors such as access to capital, a skilled workforce and, not least, trust of
end users.”
“While a peaceful cyberspace provides us with many opportunities, the
potential for malicious cyber activities by State and non-state actors to
create instability and mistrust in international relations is increasing.”
Chair's Statement, GCCS 2015 (April 17 2015)
Not to mention
“For the Internet to remain a global engine of social and
economic progress, confidence must be restored. The
Commission calls on the global community to build a
new social compact with the goal of restoring trust and
enhancing confidence in the Internet.”
GCIG (ourinternet.org), April 15 2015
And Finally
“… real security on the Internet can only be realised
within a broader context of trust and respect of
fundamental human rights and values, such as privacy”
Internet Society Statement on Collaborative Security, April 2015

internetsociety.org

What? Trust? Confidence?
• Indulge me whilst I quote that bastion of left-wing
thinking, The Guardian:



“Trust and confidence are an odd premise on which to advance this report. Think
about these traits. They are fickle and human. Hard to gain and easy to lose, they are
attributes of people, acquired by lifetimes of experience and the manifold clues embedded
in our social fabric. 

But machines, entities, infrastructure and artefacts – these are not things we trust.
They are things we use, tolerate or begrudgingly accept, with varied levels of reflection
and knowledge.

We don’t want our corporations and security agencies fickle and fallible. Trust and
confidence take hard work, time and evidence. They must be earned. And they will be
earned by obeying laws, respecting and promoting human rights, and cracking down and
remedying profligate corporate and government behaviour without fear or favour.”

(Julia Powles, April 17 2015, gu.com/p/47tjq/stw, my emphasis)
Well, I beg to differ
• Trust is absolutely the right way to frame the
discussion
• Indeed, when all else fails, it’s all there is left
• Oddly enough, it’s also quite possible for people to
think about people and machines in similar ways
(kudos to Reeves and Nass)
• This, naturally, applies to trust too
This works both ways
• People can think about trust
• Devices, tools, machines, can think about trust
• They can all think about what this means about each
other
• Moreover, we can leverage trust to make people
stronger
For the record, I do not remotely subscribe to the point of
view that people are the weakest link
(which point of view quite happily alienates the very
people we should be working with!)
Trust
There are plenty of definitions, let’s think about
something that works here…

A subjective probability, of sorts (Gambetta)

In a circumstance of ambiguity

Where control is not always possible (Cofta)

And therefore where there is risk (Luhmann)
Trust – Control – Security
(+ Understanding)
cf. Cofta, 2007; Luhmann, 1979; (et al)
Hang on Steve, what’s this session about?
“Technical Solutions to Cybersecurity Challenges”



Hmm…
Better get down to it then
What we do, how we think
Computational Trust and its siblings
Foreground Trust, Trust Enablement
Device Comfort
Intelligent Information
10 Commandments
Computational Trust
• Marsh, 1994, etc., etc.
• Formalise Trust and its siblings
  • regret, forgiveness, wisdom, comfort, mistrust, distrust…
• To be able to
  • Think about it and understand it better
  • Better define it (and its applicability)
  • Apply it and use it
• There are lots of trust models out there, in lots of domains
Trust Enablement and Foreground Trust
• Trust Enablement…
  • Dwyer, 2011; Dwyer & Marsh, 2015a, 2015b; Dwyer & Marsh, 2015 (in review)
  • Essentially: allow people to make trusting decisions, given the facts and context
• Foreground Trust (extends this!) (Marsh et al, 2012)
  • Focus Trust Enablement on automated help for users in context - resulting in empowerment and understanding
  • Leverage the Media Equation (Reeves & Nass)
  • Yes, blatantly use trust
Device Comfort
• Marsh et al, 2010; Storer et al, 2013; Atele-Williams,
2014
• An application of Foreground Trust and an extension of
Briggs' Trust Daemon
• Aimed at users of mobile devices
• Now being examined elsewhere also
• Uses Annoying Interfaces, Relationships, Trust…
• Advise, Encourage, Warn (and Proscribe)
Intelligent Information
• Based on the ACORN architecture (years old now!)
• Wrapping information in agents
• Allow the agents (information) to use trust, etc.
reasoning to determine things like
• Who to share with
• For how long
• When
• Why
• Transitivity
• For info sharing. Privacy...
And think about People!
• The cyberspace of the future must revolve around
Steve’s First Law, or it will fail to be useful or valid
• Part of this involves designing for people
• Which is why Privacy by Design is such a powerful
concept
• But the key is to create security (and trust) models and
practices that help people understand and take part
• So, we have some commandments we try to live by
(and naturally think others should too! what are
commandments for otherwise…?)
(1) Make it for people.
(2) Make it understandable, not just by maths profs...
(amongst which number I am not)
(3) Support monitoring and intervention.
(4) Do not fail silent(ly)
(5) Make it configurable
(6) Make it queryable (No, it isn't a word. Should be
though)
(7) Cater for different time priorities and outlooks
(8) Allow for incompleteness.
(9) Foster an ongoing relationship
(10) Acknowledge risk up front.
We’re done
• Consider:
• There is no future for people, without people
• Cyber-anything is people-oriented and trust is key
• Security must be people-oriented too, and trust is key
• Just because it’s hard, doesn’t make it impossible
• Just because people do it, doesn’t make it weak (or
indeed strong)
• You can’t do it without trust

Trust_Security-Serene-Risc-2015-marsh
