reality vs security model vs software bridging the gaps
play

Reality vs. Security Model vs. Software Bridging the Gaps FUNDP - PowerPoint PPT Presentation

Apr 20, 2023 •337 likes •716 views

Reality vs. Security Model vs. Software Bridging the Gaps FUNDP Namur, September 25, 2012 Virtual Goods 2012 Daniel P ahler, tulkas@uni-koblenz.de University of Koblenz-Landau Institute for IS Research Agenda Where

  1. Reality vs. Security Model vs. Software – Bridging the Gaps FUNDP Namur, September 25, 2012 Virtual Goods 2012 Daniel P¨ ahler, tulkas@uni-koblenz.de University of Koblenz-Landau Institute for IS Research

  2. ◦ ◦ ◦ ◦ Agenda Where I fit in A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 2 / 36

  3. • ◦ ◦ ◦ • ◦ ◦ Agenda Where I fit in Research Area Research Objective / Research Question Research Method A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 3 / 36

  4. • ◦ ◦ ◦ • ◦ ◦ Research Area Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 4 / 36

  5. • ◦ ◦ ◦ ◦ • ◦ Agenda Where I fit in Research Area Research Objective / Research Question Research Method A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 5 / 36

  6. • ◦ ◦ ◦ ◦ • ◦ Research... ... objective Trade with and usage of virtual goods shall be modelled in a way that allows for realistic statements about the legal statuses of the parties that are involved. ... question How can the handling of virtual goods be described in a way that allows for a realistic assessment of the legality of specific actions? Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 6 / 36

  7. • ◦ ◦ ◦ ◦ • ◦ Detailed Definition 1. The model should be able to represent reality 2. In practice, the model should allow users a self-assessment of whether they behave legally Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 7 / 36

  8. • ◦ ◦ ◦ ◦ ◦ • Agenda Where I fit in Research Area Research Objective / Research Question Research Method A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 8 / 36

  9. • ◦ ◦ ◦ ◦ ◦ • Research Method – Design Science Research Design Science Research according to Vaishnavi und Kuechler [VK04] Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 9 / 36

  10. • ◦ ◦ ◦ ◦ ◦ • Research Method – Design Science Research (cont.) • Awareness of Problem: mostly done • Suggestion: mostly done • Development: partially done • Evaluation: to be done via implementation • Conclusion: ??? Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 10 / 36

  11. ◦ • ◦ ◦ Agenda Where I fit in A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 11 / 36

  12. ◦ • ◦ ◦ A formal Digital Rights Model without Enforcement • Article published at the VG 2011, [PG11] • contains the “mostly done” steps • Model was recently dubbed “Formosa” Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 12 / 36

  13. ◦ • ◦ ◦ What’s already done Awareness of Problem Existing digital rights models... • try to be complete and decidable (impossible!) • focus only on rights holders’ perspective • make unrealistic assumptions about their enforcability • divide the world into (absolutely) legal and (absolutely) illegal Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 13 / 36

  14. ◦ • ◦ ◦ What’s already done Suggestion A new model should... • not try to be complete • take the customers’ point of view into account • not assume that enforcement is solved elsewhere • allow for a “gray area” between legal and illegal Graduation from legal to illegal in Formosa • (Illegal) actions can cost a user money • Their overall debt (= “burden”) is tracked • When the burden crosses a user-defined threshold, the user becomes “too” illegal Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 14 / 36

  15. ◦ • ◦ ◦ What’s already done Development Formosa... • is the artefact that has been developed • has the suggested features • is written in a “homebrew” notation that uses set algebra and predicate logic • is an IT security model Formosa’s superior security objective “Each actor shall be able to subjectively feel secure, even if they perform illegal actions, as long as the potential damage caused to them is below a certain threshold value” Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 15 / 36

  16. ◦ ◦ • ◦ • ◦ ◦ Agenda Where I fit in A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model The General Problem of Modelling Notation Valid Real-World Assumptions? Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 16 / 36

  17. ◦ ◦ • ◦ • ◦ ◦ Bridging the Gaps – Reality versus Security Model The General Problem of Modelling • Models reduce complexity through abstraction • But: what to take in, what to leave out? ◮ Features might prove useful/neccessary later ◮ Too many features make the model needlessly complex (cf. “Occam’s Razor“) • Example in Formosa: Time Occam’s Razor according to Heylighen [Hey97] ”[Occam’s Razor] admonishes us to choose from a set of otherwise equivalent models of a given phenomenon the simplest one.“ Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 17 / 36

  18. ◦ ◦ • ◦ • ◦ ◦ Bridging the Gaps – Reality versus Security Model The General Problem of Modelling (cont.) • Earlier versions of Formosa had no notion of time • Actors only had discrete states • Time was introduced to allow for duty deadlines and time-limited rights The downside: • Actions are still ”atomic“ (have no duration) • Progress of time and state changes are now ”parallel“ concepts Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 18 / 36

  19. ◦ ◦ • ◦ ◦ • ◦ Agenda Where I fit in A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model The General Problem of Modelling Notation Valid Real-World Assumptions? Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 19 / 36

  20. ◦ ◦ • ◦ ◦ • ◦ Bridging the Gaps – Reality versus Security Model Notation • Notation should be maximally comprehensible and maximally precise • Currently: ”Homebrew“ notation • But: does a better notation exist? • Currently being researched in a master’s thesis Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 20 / 36

  21. ◦ ◦ • ◦ ◦ • ◦ Bridging the Gaps – Reality versus Security Model Notation (cont.) • Most notations have distinctive features – they might... ◮ be easier to read ◮ allow for parallel processes ◮ have an integrated time concept ◮ be computer-interpretable ◮ ... • But not each is apt for security models • It’s impossible to simply try them all Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 21 / 36

  22. ◦ ◦ • ◦ ◦ ◦ • Agenda Where I fit in A formal Digital Rights Model without Enforcement Bridging the Gaps – Reality versus Security Model The General Problem of Modelling Notation Valid Real-World Assumptions? Bridging the Gaps – Security Model versus Software Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 22 / 36

  23. ◦ ◦ • ◦ ◦ ◦ • Bridging the Gaps – Reality versus Security Model Valid Real-World Assumptions? • Formosa is based on assumptions about the real world • Concrete: ”A ‘gray area’ exists in subjectively perceived legality“ • But: does this assumption hold? • Currently being researched in a master’s thesis Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 23 / 36

  24. ◦ ◦ • ◦ ◦ ◦ • Bridging the Gaps – Reality versus Security Model Valid Real-World Assumptions? (cont.) • Many sources (surveys etc.) give hints about the perceptions of VG users • Many of those... ◮ are biased ◮ are out of date ◮ focus only on specific types of virtual goods ◮ contradict each other • A comprehensive literature analysis might help Daniel P¨ ahler – Reality vs. Security Model vs. Software – Bridging the Gaps 24 / 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

It has been a year since the official launch of Bridging the Gaps Website Over 3,000

It has been a year since the official launch of Bridging the Gaps Website Over 3,000

Bridging the Gaps: Sustainable Urban Spaces First Year Review 9 July 2009 James Paskins Civil, Environmental and Geomatic Engineering It has been a year since the official launch of Bridging the Gaps Website Over 3,000 visits

471 views • 21 slides
RTI BRIDGING THE GAPS TOWARDS ACADEMIC SUCCESS Waycross Middle School Ware County

RTI BRIDGING THE GAPS TOWARDS ACADEMIC SUCCESS Waycross Middle School Ware County

RTI BRIDGING THE GAPS TOWARDS ACADEMIC SUCCESS Waycross Middle School Ware County Georgia PRESENTERS David Hitt Principal Lilly Williams RTI Coordinator and Reading Interventionist Sherry Lairsey Math

741 views • 31 slides
ERAS: Bridging the Gaps in Multimodal Analgesia Laura C. Habighorst BSN RN CAPA CGRN ASPMN May

ERAS: Bridging the Gaps in Multimodal Analgesia Laura C. Habighorst BSN RN CAPA CGRN ASPMN May

ERAS: Bridging the Gaps in Multimodal Analgesia Laura C. Habighorst BSN RN CAPA CGRN ASPMN May 27, 2020 1 Target Audience The overarching goal of PCSS is to train a diverse range of healthcare professionals in the safe and effective

900 views • 33 slides
DarkReader : Bridging the Gap Between Pe Perception and Re Reality of Po Power Consumption in

DarkReader : Bridging the Gap Between Pe Perception and Re Reality of Po Power Consumption in

Da DarkReader : Bridging the Gap Between Pe Perception and Re Reality of Po Power Consumption in Smartphones for Blind Users Jian Xu*, Syed M. Billah*, Roy Shilkrot, Aruna Balasubramanian Blind users do not need screens Source Screen

616 views • 20 slides
Challenges in Modeling SARS-CoV-2: Bridging the Best of Both Worlds Between Models and Reality

Challenges in Modeling SARS-CoV-2: Bridging the Best of Both Worlds Between Models and Reality

Challenges in Modeling SARS-CoV-2: Bridging the Best of Both Worlds Between Models and Reality Michael Li - McMaster University mcmaster.ca | Background Math and Statistics MacTheoBio Theoretical, statistical and computational approaches to

875 views • 60 slides
Bridging The Gap Between Information Security & IT Audit Agenda Introductions

Bridging The Gap Between Information Security & IT Audit Agenda Introductions

Bridging The Gap Between Information Security & IT Audit Agenda Introductions Objectives Understand the Information Security Perspective Information Security Trends and Business Insights Bridging the Gap between I.T. Audit

449 views • 33 slides
Bridging Missing Gaps in Evaluating DDoS Research Lumin Shi, Samuel Mergendahl, Devkishen

Bridging Missing Gaps in Evaluating DDoS Research Lumin Shi, Samuel Mergendahl, Devkishen

Bridging Missing Gaps in Evaluating DDoS Research Lumin Shi, Samuel Mergendahl, Devkishen Sisodia, Jun Li {luminshi, smergend, dsisodia, lijun}@cs.uoregon.edu University of Oregon Preliminary Work Paper (Short Paper) DDoS Attacks Today

220 views • 19 slides
+ Design of Parallel Algorithms Bulk Synchronous Parallel A Bridging Model of Parallel

+ Design of Parallel Algorithms Bulk Synchronous Parallel A Bridging Model of Parallel

+ Design of Parallel Algorithms Bulk Synchronous Parallel A Bridging Model of Parallel Computation + Need for a Bridging Model n The RAM model has been reasonable successful for serial programming n The model provides a framework for describing

509 views • 22 slides
Western New York Bridging Gaps in Care for the Medicaid Population PAC Meeting 6.20.16 Dr.

Western New York Bridging Gaps in Care for the Medicaid Population PAC Meeting 6.20.16 Dr.

Western New York Bridging Gaps in Care for the Medicaid Population PAC Meeting 6.20.16 Dr. Carlos Santos, MD Medical Director, Community Partners of WNY Amy White-Storfer, MBA, PMP Director, Community Partners of WNY Community Partners of

537 views • 41 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Leadership in a Multigenerational Workplace Bridging the Gap to Drive Results Tresha Moreland,

Leadership in a Multigenerational Workplace Bridging the Gap to Drive Results Tresha Moreland,

Leadership in a Multigenerational Workplace Bridging the Gap to Drive Results Tresha Moreland, SPHR, SSBBP Test Your Knowledge Myth or Reality? The millennial generation is the largest generation of today Myth or Reality? Only older

505 views • 35 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
CS590-SWS/527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer

CS590-SWS/527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer

CS590-SWS/527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/16-527-SoftSec/ Spring 2016 Unix security model Table of Contents

505 views • 27 slides
CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Unix security model Table of Contents Unix

463 views • 28 slides
The Realities of Software Testing [Reading assignment: Chapter 3, pp. 37-50] Software process

The Realities of Software Testing [Reading assignment: Chapter 3, pp. 37-50] Software process

The Realities of Software Testing [Reading assignment: Chapter 3, pp. 37-50] Software process models are an ideal not reality No software development effort follows a process model perfectly. Why? The specification never

399 views • 29 slides
CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Model for Control-Flow Hijack Attacks Figure 1 Mathias Payer CS412 Software Security Widely-adopted defense mechanisms Hundreds of

1.34k views • 57 slides
On Time Petri Nets and Scheduling Didier Lime IRCCyN / Ecole Centrale de Nantes 5 septembre

On Time Petri Nets and Scheduling Didier Lime IRCCyN / Ecole Centrale de Nantes 5 septembre

On Time Petri Nets and Scheduling Didier Lime IRCCyN / Ecole Centrale de Nantes 5 septembre 2007 Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 1 / 48 Plan I Introduction Time Petri Nets with Stopwatches (and more) Petri Nets and

1.42k views • 119 slides
Reference Point Methods and Approximation in Multicriteria Optimization C. B using, Kai-Simon

Reference Point Methods and Approximation in Multicriteria Optimization C. B using, Kai-Simon

Introduction Definitions and Notations Approximation Reference Point Methods and Approximation in Multicriteria Optimization C. B using, Kai-Simon Goetzmann , J. Matuschke and S. Stiller MDS Colloquium, June 25, 2012 Kai-Simon Goetzmann

878 views • 42 slides
TOWARDS EFFICIENT VERIFICATION OF POPULATION PROTOCOLS Michael Blondin, Javier Esparza, Philipp

TOWARDS EFFICIENT VERIFICATION OF POPULATION PROTOCOLS Michael Blondin, Javier Esparza, Philipp

TOWARDS EFFICIENT VERIFICATION OF POPULATION PROTOCOLS Michael Blondin, Javier Esparza, Philipp J. Meyer Stefan Jaax TU Mnchen Population Protocols Population protocols (Angluin et al., 2004) are a model of Can be used to model networks of

471 views • 29 slides
Geometric Modeling An Example 2 Geomertic Modeling I - Center for Graphics and Geometric

Geometric Modeling An Example 2 Geomertic Modeling I - Center for Graphics and Geometric

Geometric Modeling An Example 2 Geomertic Modeling I - Center for Graphics and Geometric Computing, Technion Outline Objective: Develop methods and algorithms to mathematically model shapes of real world objects Categories:

975 views • 59 slides
Equations over sets of natural numbers Artur Je z Institute of Computer Science University of

Equations over sets of natural numbers Artur Je z Institute of Computer Science University of

Equations over sets of natural numbers Artur Je z Institute of Computer Science University of Wroc law May 22, 2008 Artur Je z (Wroc law) Equations over sets of natural numbers May 22, 2008 1 / 1 Joint work Joint work with

1.39k views • 110 slides
The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David

The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David

The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David R. Christiansen A Practical Guide to Levitation http://wordswithoutborders.org/article/a- practical-guide-to-levitation Excellent, but

589 views • 40 slides
Britvic Educational Day 5 April 2006 Introduction and Welcome 1 Agenda for the day Rugby

Britvic Educational Day 5 April 2006 Introduction and Welcome 1 Agenda for the day Rugby

Britvic Educational Day 5 April 2006 Introduction and Welcome 1 Agenda for the day Rugby Factory Tour Market Performance 2005 2006 What we are doing Business Transformation Programme (BTP) Product Value Optimisation

750 views • 54 slides
Through the Gate African-American Students' Transfer Journey: Identifying Opportunities to

Through the Gate African-American Students' Transfer Journey: Identifying Opportunities to

Through the Gate African-American Students' Transfer Journey: Identifying Opportunities to Increase Transfer Umoja Conference November 9, 2018 Darla Cooper, EdD Executive Director The RP Group www.rpgroup.org Mission Strengthen CCCs

440 views • 24 slides

More recommend