Security and trust in the web

Abstract

Security and trust issues have been catapulted to the forefront with the dramatic developments in technologies such as web applications, cloud computing, mobile devices and social networking. Though trust has always been a foundational stone of security, the greater dependency of society and economy on information technology have increased the need to consider trust issues more explicitly and systematically. This talk will address some of the key challenges in security and trust in the distributed information infrastructures. The talk will start with a brief look at some of the recent developments in the threat scenery. Then I will consider the notion of trust in the security world and see how trust issues arise in current ubiquitous computing systems context. Then we will consider a hybrid approach which combines the "hard" attestation based trust with the "soft" social and reputation based trust. Such a hybrid approach can help to improve the detection of malicious entities which in turn can enhance the quality of secure decision making. I will conclude the talk by demonstrating such a trust enhanced security approach using some examples from systems that we have been developing during recent years. © 2012 Springer-Verlag Berlin Heidelberg.