
Aspects of Security for Citizens

Funded by the Danish Strategic Research Council


News

On October 8, 2008, we hosted the workshop Security for the Citizens as part of the Nordic Security Days 2008. At the workshop three research projects funded by the Danish Strategic Research Council under the umbrella Borgernes IT sikkerhed presented their results:

  • IT Security for Citizens develops a user-friendly mobile prototype for on-line access to information with better security properties than presently used.
  • Aspects of Security for Citizens, our project, develops new techniques for retrofitting user-centric security concerns to already developed software.
  • An Investigation of Citizen ICT Safety and Security Awareness reveals what average citizens know about security and what we can do to help them.
The workshop attracted 70 participants from Danish and foreign companies and universities. More information including the program and pictures can be found at the workshop's homepage.


Project Description

Today's software protects users only partly against attacks from the Internet. Viruses, spyware, and phishing are just some of the menaces that can result in hackers and criminals getting access to private data such as bank account information, digital signatures, or legally owned, copyright-protected material.

Existing solutions based on mail scanners, virus scanners, and firewalls provide only limited security, which can only partially be adjusted to the actual needs of users, and the user is rarely able to do so himself. Often the user is confronted with complicated technical questions or has to find out how to fine-tune the security-related protection. The complexity of this configuration problem often results in the user not being able to judge the consequences of his choices.

There is a need for solutions that can control access to one's data and block or allow access based on what the data is to be used for. The big challenge lies in developing solutions that can find such potentially insecure access both in already deployed applications and in new ones that are being developed without taking account of the fact that their users may not have the necessary technical skills for using and configuring them.

This project will explore the principles behind adding security concerns to existing programs after they have been fully developed and deployed. At first sight this seems to contradict good software engineering practice in that one can only obtain adequate security if it is catered for in the original design of the system rather than being added as an afterthought. However, existing software will often at best take care of protecting the assets of the vendor and at worst hardly take care of any security concerns at all. What is needed is a flexible mechanism for supporting the security needs of the average user as he is running existing software on his computer or as he is accessing remote web services with access to personal information. Furthermore, the needs of the average user may change as he becomes more adept at understanding the potential security hazards or as new schemes of exploitation become known to agencies such as CERT.

The new approach of this project is to tackle the challenge of adding security concerns to existing programs by using the relatively new programming technique of aspects and programming languages that support these. While there already exist aspect-oriented versions of languages like Java, there do not yet exist research results on the possibilities of using aspects for ensuring the users' IT security. Exactly these results will be developed in this project.


Researchers

Technical University of Denmark (DTU)     Imperial College London (ICL)


Project Facts

Project Title: Aspects of Security for Citizens
Funding Agency: Danish Strategic Research Council
Start Date: April 1, 2007
Duration: 2007-2011
Principal Investigator: Flemming Nielson
Partners: Technical University of Denmark, Imperial College London

Contact

Principal Investigator
Flemming Nielson
Tel. +45 45 25 37 35
email nielson(at)imm.dtu.dk
Fax +45 45 93 00 74
Address
Informatics and Mathematical Modelling
The Technical University of Denmark
DK-2800 Kongens Lyngby
Denmark

Press Contact
Hanne Riis Nielson
Tel. +45 45 25 37 36
email riis(at)imm.dtu.dk
Fax +45 45 93 00 74
Address
Informatics and Mathematical Modelling
The Technical University of Denmark
DK-2800 Kongens Lyngby
Denmark

Last updated by  11.02.2009
Responsible: Hanne Riis Nielson