
A Toolset for Usable Security with ICT Service Networks

Date post: 15-Feb-2017
Upload: sven-wohlgemuth

Dr. Sven WOHLGEMUTH Dr. Kazuo TAKARAGI

Resilience and Secondary Use of Personal Data

Safety Problem for Security as a Personalized Service

Continuous Multilateral Information Security Management

Let's work together on creating a sustainable smart society!

ICT Support for Resilience

• Resilience: Personal predictive risk management

• Internet of Things: Observe and control physical environments

• Cloud Computing: Scalable secondary use of personal data

• Artificial Intelligence: Knowledge creation for decision-support

• Open Data: Ground Truth for IT Governance and innovation

The ultimate aim is sustainability

But: What about reliable information processing for resilience?

Contact: Dr. Kazuo TAKARAGI, Information Technology Research Institute (ITRI), National Institute of Advanced Industrial Science and Technology (AIST), Japan
Email: [email protected]
WWW: http://www.itri.aist.go.jp

• Resilience: By sharing authentic information on security vulnerabilities and incidents

• Regulations: Compliance by risk management with personal accountability

• Safety: Users can't access data without authorization by the 'data owner'

• State-of-the-art: Access control with a type-safe security policy

Turing Machine: Safety with access control is in general undecidable

User-Centric Information Flows

Smart Society

Multilateral Security

Data Controller (e.g. Government)

Open Information Accountability (As Part of Security/Privacy Controls)

Open Data

sec d, d*

sec d, d*

sec d, d* …

Privacy by Design

Plan-Do-Check-Act (Risk and Life Cycle Management)

Secure Delegation of Rights

Data Provenance

IT Risk Controls

Policy Toolbox

Active strategies Passive strategies

Risk avoidance

Risk reduction

Risk provision

Risk transfer

IT Risk Analytics

Helper

Refugee

Physical

Cyber

Cloud Computing with PKI and Marketplace (e.g. SINET)

Ground Truth

[Figure: OCT (Optical Coherence Tomography), SS-OCT System Inner Vision. Application to Biometrics: Non-invasive measurement of iris, retina, fingerprint, vascular image under skin. Panel labels: Brain, Eye, Tooth, Oral, Skin, Esophagus, Lung, Cardiovascular, Pancreas, Cervix, Blood flow, Stomach, Trachea, Cochlea, Bladder, Colon, Kidney, Bone.]

Image credits: Courtesy of Tsukuba Univ.; Kostadinka Bizheva, et al., J. of Biomedical Optics, July 2004, Vol. 9 No. 4; Petra Wilder-Smith, et al., J. of Biomedical Optics, Sep 2005, Vol. 10 No. 5; Z. P. Chen, et al., Opt. Express, Aug 2007, Vol. 15 No. 16; Alexander Popp, et al., J. of Biomedical Optics, Jan 2004, Vol. 11 No. 1; Guillermo J. Tearney, et al., J. of Biomedical Optics, Mar 2006, Vol. 11 No. 2; Pier Alberto, et al., J Pancreas (Online), 2007, Vol. 8 No. 2; Ilya V. Turchin, et al., J. of Biomedical Optics, Nov 2005, Vol. 10 No. 6; Bradley A. Bower, J. of Biomedical Optics, Jul 2007, Vol. 12 No. 4; Yonghong He, et al., J. of Biomedical Optics, Jan 2004, Vol. 9 No. 1; Matthew Brenner, et al., J. of Biomedical Optics, Sep 2007, Vol. 12 No. 5; Fangyi Chen, et al., J. of Biomedical Optics, Mar 2007, Vol. 12 No. 2; Ying T. Pan, et al., J. of Biomedical Optics, Sep 2007, Vol. 12 No. 5; Alexandre R. Tumlinson, et al., J. of Biomedical Optics, Nov 2006, Vol. 11 No. 6; Yu Chen, et al., J. of Biomedical Optics, Sep 2007, Vol. 12 No. 3.

Figure: from material provided by santec Corporation (marked "santec confidential").

        o1 = d          o2 = d*           …
s1      own, r, w       ? own, r, w ?
s2      r, w            own, r, w
s3      ? r, w ?        r
…       …               …

d

Data provider/consumer

Data consumer

Data consumer/provider

Data provider

d, d* ?

General security system

Enforcement

Providing

• Privacy Enhanced

• Transparency

• Compliance

Block chain

• Make correction to his/her own data

• Grant and revoke consent on the use of the data

• Be informed on data breach

Problem for resilience: Loss of control on personal information on exception handling beyond expectations
