Invited Speakers

Invited speakers are those invited as keynote speakers, and guest speakers are those invited as industry speakers. Keynote speakers are reputable speakers who are experts in their field of practice. Industry speakers talk about the local and international trends in information security products, methodologies and management issues. ISSA aims to balance talks from industry and academia, and keynote and invited speakers therefore play a key role in striking that balance. These keynote and invited speakers are listed below in no particular order:

Speaker / Topic

Guest Speaker: Hettie Booysen - Head Operational Risk Enabling Functions, Standard Bank of South Africa
 
Risk Management – myth, black swan or value add?

Guest Speaker: Andrew Hutchinson - International Programme Executive CyberSecurity T-Systems International
 
A misuse-case based approach for providing CyberSecurity

Keynote address: Christian Damsgaard Jensen
 
Trust is the Foundations for Computer Security

Abstract: The security community traditionally regards security as a "hard" property that can be modelled and formally proven under certain simplifying assumptions. Traditional security technologies assume that computer users are either malicious, e.g. hackers or spies, or benevolent, competent and well informed about the security policies. Over the past two decades, however, computing has proliferated into all aspects of modern society and the spread of malicious software (malware) like worms, viruses and botnets has become an increasing threat. This development indicates a failure in some of the fundamental assumptions that underpin existing computer security technologies and that a new view of computer security is long overdue. This talk examines traditional models, policies and mechanisms of computer security in order to identify areas where the fundamental assumptions may fail. In particular, we identify areas where the "hard" security properties are based on trust in the different agents in the system and certain external agents who enforce the legislative and contractual frameworks. Trust and Trust Management are generally considered "soft" security properties, so building a "hard" security mechanism on trust will at most give a spongy result, unless the underlying trust assumptions are made first class citizens of the security model. In most of the work in computer security, trust assumptions are implicit and they will surely fail when the environment of the systems changes, e.g. when systems are used on a global scale on the Internet. We argue that making such assumptions about trust explicit is an essential requirement for the future of system security and argue why the formalisation of computational trust is necessary when we wish to reason about system security.


Guest Speaker: Azhad Desai – Researcher: Thinkst
 
Theory, Practice and HoneyPots

Guest Speaker: Maeson Maherry, Solutions Director, LAWTrust
 
Digital identities on the national ID card

Guest Speaker: Maiendra Moodley, Divisional Head (GM) for Financial Systems and Processes, SITA
 
The privacy paradox: implications for security practitioners

Keynote address: Christian Damsgaard Jensen
 
Computer Security in 3D

Abstract: Computer Security has traditionally presumed the physical security of key components, i.e. that these components are protected from tampering and that they can only be accessed through well-known channels using pre-defined protocols (whether these protocols are also secure or simply well-defined is a separate issue). We traditionally solve this requirement by locking up servers, gateways and routers in server rooms and providing individual offices for access to sensitive material to reduce the risks of shoulder surfing. With the emergence of laptops, tablets and smart phones, we have come to expect ubiquitous access to corporate resources, which breaks down the standard barriers of physical security. This is exacerbated by the increasing reliance on open plan offices, which effectively reduces the confidentiality of anything displayed on a monitor, either in the office or from any of the many locations from where we work. This talk examines the application of smart technologies to achieve situational awareness, through the use of sensors, and enforce the security policies defined for the computer system in a physical environment. This allows the security model to incorporate information about the physical environment and to explicitly define and enforce physical access control policies for logical objects that have physical representations, e.g. confidential information displayed on a monitor. An example of a context-aware access control model, called Sensor Enhanced Access Control, is presented along with new mechanisms, such as persistent authentication and device comfort, to support situational awareness in a physical environment.