Security is usually centrally managed, for example in the form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (bot…
Security is usually centrally managed, for example in the form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for self-management is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge. This year SECOVAL is focusing upon a special research subtopic within the scope of collaborative security, namely, Privacy and Data Sanitization. Any useful collaboration is at some point sharing data. Unfortunately, data sharing is one of the greatest hurdles getting in the way of otherwise beneficial collaborations. Data regarding one's security stance is particularly sensitive, often indicating ones own security weaknesses. This data could include computer or network logs of security incidents, architecture documents, or sensitive organizational information. Even when the data may not compromise the data owner's security stance, sharing may violate a customer's privacy. Data sanitization techniques such as anonymization and other mechanisms such as privacy-preserving data mining and statistical data mining try to address this tension between the need to share information and protect sensitive information and user privacy.