Volkmar LotzResearch Program ManagerSAP Research

volkmar.lotz@sap.com

Security and Trust in the Future Internet

© SAP 2008 / Page 2

1. Driving Forces for Security, Trust, Identity and Privacy

2. Research Challenges – a SAP Research perspective –

3. Towards Meeting the Challenges

Overview

A Simple View of the Future Internet …A Simple View of the Future Internet …

Internet of Services

Internet of Things

© SAP 2008 / Page 3

… … its characteristics …its characteristics …

Layered, but augmented by a number of cross-cutting dependencies

Multitude in scale compared to the current Internet, billions of entities including things

Spontaneous and emerging behaviours and unanticipated new usages

Pervasive digital environment, heterogeneous infrastructures, terminals and technologies

User-centricity and usability is critical

Enablement of the “Internet of Services” and its new business models

© SAP 2008 / Page 4

… … its stakeholders …its stakeholders …

IndividualsGovernment

Auditors

ApplicationProvider

InfrastructureProvider

ProcessProvider

Partners

ISV

ContentProvider

Regulators

Business

ServiceProvider

NetworkOperator

© SAP 2008 / Page 5

… … and their protection needs (examples)and their protection needs (examples)

Trusted collaboration

Privacy & Identity management

Intrusion prevention

Content protection

Non-repudiation and legal binding

Authentication and Authorization

Process control

Malware protection

…

© SAP 2008 / Page 6

ObservationsObservations

Necessity for holistic view

S&T needs to be guided by individual protection needs of the stakeholders expressing and balancing the needs in their respective context end-to-end security & trust don’t conceal security, but make it accessible risk assessment and management

Extended attack surfaces lead to emerging threats flexible and adaptive security architectures secure SW and services assurance

Deliberate exposure of information and resources require usage control (content, personal data) for privacy protection and secure collaboration

Need for independent and interoperable ID provisioning and managing system, ensuring privacy for individuals and extending to all FI entities

Need for trusted and trustworthy networks, infrastructures, services, and applications transparency accountability

© SAP 2008 / Page 7

1. Driving Forces for Security, Trust, Identity and Privacy

2. Research Challenges – a SAP Research perspective –

3. Towards Meeting the Challenges

Overview

© SAP 2008 / Page 8

Security&Trust Research DirectionsSecurity&Trust Research Directions -- a SAP Research perspective -- -- a SAP Research perspective --

© SAP 2008 / Page 9

Research Directions (1)

Secure Business OperationsBusiness process and workflow security: requirements, conceptual models, process annotations

Enterprise SOA security: extended service specifications, policy negotiation

Advanced authorization models and techniques

Business and application level security policies and architectures

Policy engineering and enforcement

Design, implementation and architectures for organizational and business controls

© SAP 2008 / Page 10

Research Directions (2)

Support Adaptive Security

Decoupling of security functionality: security services

adaptive policies

Security, Trust, and Identity frameworks for SOA

independence

privacy preserving

Context-aware security personal environment

business context

physical context

© SAP 2008 / Page 11

1. Driving Forces for Security, Trust, Identity and Privacy

2. Research Challenges – a SAP Research perspective –

3. Towards Meeting the Challenges

Overview

© SAP 2008 / Page 12

Business Process Security & Compliance

Visually annotate business processes with compliance & security constraints

Drag & drop symbols for separation of duty, confidentiality & integrity

Model-driven generation of access control policies, rules and configurations

Automated querying of SAP GRC Risk Database at process design time

integrates security in compositional programming

supports business-level security and risk analysis

automated enforcement of security and compliance requirements on technical level

© SAP 2008 / Page 13

Trusted Collaboration

Upcoming business scenarios ask for cross-domain collaboration:

•collaborative supply chain management requires sharing of highly sensitive data (examples: production and transport costs, inventory information, sales data)

•complex service ecosystems (example: employability)

We investigate in two complementary approaches:

•mechanisms that allow to securely (i.e., controlled, restricted, privacy preserving) perform joint computations in the presence of mutual distrust (example: salary benchmarking, computation of average values)

•if this is infeasible, generate trust through observation and feedback

© SAP 2008 / Page 14

confidential© SAP 2008 / Page 1

Service Provider

Authentification guard

Authorization guard

Trust guard

Audit guard

Service Requester

Trust & privacy

negotiator

Directories

Registry

SAP AG 2004, Title of Presentation / Speaker Name / 1

Protocol

a b

EA(a)

EA(r · a - r · b + r´)

(EA(a) · EA(-b)) ^ r · EA(r´)

r´ < r

r · a - r · b + r´ < 0

a < b

Ensuring Secure Composition

BPMN

Validator

Security Annotation

Translator

compositional programming,e.g., with NW CE

no attack found

attack found

fix

Xcounter-example

Facts Security mechanisms may interfere

in a subtle way. Vulnerabilities occur and they are

hard to find.

Validator based on mathematical techniques

(model-checking, term rewriting) push-button technology ready to be

integrated in programming environment

counter-example allows to systematically fix the model

© SAP 2008 / Page 15

© SAP 2008 / Page 16

Thank you!