Today's society can no longer function without information technology. Essential infrastructure including the transportation system, banking and the financial markets, the entertainment industry, the health care system, government, the military and the education system can no longer survive without modern technology. This increasing dependence on information technology creates new opportunities for the benefit of society. However, it also opens an avenue that can be exploited for illicit purposes. The stakes are high and many attacks go undetected or unreported. In addition to losses such as data or other forms of intellectual property, financial theft or the shut down of infrastructure, computer security attacks that target critical infrastructure such as nuclear power plants has the potential to cause human casualties on a massive and unprecedented scale.
The challenges of computer security were discussed at an advanced research workshop held in Tetuan, Morocco in June, 2005 under the auspices of the North Atlantic Treaty Organization (NATO). This workshop provided a unique opportunity for researchers involved in mature research programmes from Europe and North America to closely interact with researchers from North Africa working in fledgling security programmes. The workshop provided a forum to present and discuss research on the four main challenges facing computer security, namely, the formulation of theoretical models for computer security, the development of tools and languages to ensure security, the design of new secure architectures and the application of security models. In the first chapter titled ‘Retaliation: Can We Live with Flaws?’, Bella et al. propose a model for security that is based on the social premise that an attacker will think twice if retaliation is possible. The second chapter by Gritzalis et al. sets the foundations for establishing a knowledge-based, ontology-centric framework with respect to security management. Biardi et al. in their chapter titled ‘Constrained Automata: a Formal Tool for ICT Risk Assessment’, propose automata theory as a tool to assess the potential for security attacks in a system. XML is extended to provide a comprehensive language for trust negotiations by Squicciarini et al. in the chapter titled ‘A comprehensive XML-based language for trust negotiations’. The challenge in providing trust in a distributed services oriented architecture is discussed in the chapter by Jen-Yao Chung et al., titled ‘Extending Trust Computing with Service Oriented Architecture’. In ‘Privacy Preserving third party architectures’, Barbara Carminati et al. propose a scalable architecture that satisfies different privacy preserving requirements. The challenges facing agent security where the agents are mobile is discussed by Łukasz Nitschke et al. Distributed systems security, in particular the protection of confidential resources is described in the chapter titled ‘Using basic Security Techniques and specifications for Confidential Resources Protection in Web-based Distributed Systems’ by Mostafa Ezziyyani et al. Shahin Shakeri et al. apply statistical techniques to the problem of spam detection and email classification. In the tenth chapter, Y. Lyhyaoui et al. analyze the security problems caused by cheating in online games. The final chapter by Kumar et al. proposes a secure protocol for routing in sensor networks based on key management.
This book provides a discussion on a wide variety of viewpoints on some of the main challenges facing secure systems. This book will therefore be of major interest to all researchers in academia or industry with an interest in computer security. It is also relevant to graduate and advanced level undergraduate students who may want to explore the latest developments in the area of computer and information security.
We thank the public diplomacy mission of NATO for sponsoring and funding this scientific meeting and also the organizing bodies for their support. We would like to thank the members of the international scientific and local organizing committees for their contributions and suggestions. A special thanks goes to Dr. Naoufal Raissouni and to Dr. Mohammed Kounaidi for their invaluable assistance and all their hard work in organizing this workshop. We also thank all chairpersons for their involvement. We are particular indebted to the participants who submitted chapters to this book and contributed to the success of the meeting. It was refreshing to observe participants from Europe and the United States as well as North Africa contribute to the discussions, presentations and overall success of this workshop.
April 2006
Johnson P. Thomas, Tulsa, Oklahoma, USA
Mohamed Essaaidi, Tetuan, Morocco