At the March Council meeting, in India, the IFIP Executive Board (EB) decided to establish the position of Event Facilitator/Activities Manager, which had been proposed by the TC Forum at the September General Assembly in Budapest. The individual in this position is to "work pro-actively with and assist organisers in their planning and preparation for IFIP events." A small committee drafted a job description in Budapest, which the Secretariat elaborated and forwarded to the EB, which then made its final decision.
Mr. Prins Ralston (AU), attending the Council as an observer, said that he was asked in Budapest whether the Australian Computer Society would be willing to perform this function for IFIP and that the ACS was willing to provide office space for the activity. The committee, however, felt that it was important that this be conducted in Laxenburg, Austria, within the IFIP Secretariat. The EB asked Ms. Dorothy Hayden (AT), Administrative Assistant in the Secretariat, to devote half of her time to this new position. A half-time secretary will be hired to carry out the tasks Ms. Hayden no longer has time to perform.
Despite the EB's having moved with unusual speed to implement the TC Forum suggestion, there was some dissatisfaction with the EB action for the following reasons: a) the EB had acted without further consultation with the suggestors; b) a full-time position was considered by some to be necessary; c) the Event Facilitator should not spend time maintaining the IFIP database of events; d) the Facilitator should also be determining what new initiatives IFIP ought to be undertaking (e.g., electronic commerce), determining where in the IFIP structure suggested activities belong, and taking similar actions; and e) the job description does not correspond to what the TC Forum originally specified. Nevertheless, a valuable step has been taken in establishing the position, and it will be continually evaluated and adjusted to the needs of event organizers.
Following are the key elements of the job description specified by the EB:
"The overall responsibility is to work pro-actively with and assist organisers in their planning and preparation for IFIP events, to ensure that our systems are effective and efficient and to ensure that IFIP's record-keeping requirements are met.
External: Be the focal point on all issues relating to the organisation of IFIP events and event initiatives. Seek pro-actively to assist event organisers through the provision of appropriate guidance, help, information, and effective systems.
Internal: Undertake regular reviews of the written and electronic systems that we use to manage events, and ensure that these are up-to-date, effective, and efficient."
The complete job description can be found in Annex 2 of the 1999 Council minutes.
New IFIP Working Group (WG1.7) Formed
by Prof. Roberto Gorrieri (IT)*
Our society is becoming more and more dependent on computer networks: the enormous amount of data that is processed, transmitted or stored needs some form of protection. Cryptography has been envisaged as the main practical means to keep secret the information transmitted on communication networks, such as telephone lines or satellites. There is a long tradition of studies on cryptographic algorithms that validates the use of these techniques for such aims. Nowadays, however, cryptography is also used as a building block of many complex applications where the correctness of the cryptographic algorithm does not guarantee the correctness of the applications. Cryptography-based procedures are used largely for authentication of messages, personal identification, digital signatures, electronic money transfer, credit card transactions and many other critical applications. Recent technological developments, including mobile code, mobile agents, Java applets and the like, have raised a supplementary, increasing demand for security in computer networks. The main issues, in this respect, are related to protection of the host resources from damage caused by imported, possibly malicious, code. Many browser-based applications are critically dependent on the security of the applets they are using.
Surprisingly enough, such a pervasive phenomenon has not been accompanied by widespread development and use of formal tools that allow analysts and designers to describe faithfully, analyse in detail and prove the correctness of such applications or architectures. This is partially because of a lack of theoretical understanding of the phenomena. Nonetheless, even when such techniques are available, there is a widely perceived difficulty in learning and applying formal methods. They are not seen as cost-effective. But the increasing number of reports of security flaws in software shows that we ignore the problem of assuring correctness at our own risk. Notable examples range from academic cryptographic protocols, such as a significant key-distribution protocol, which was believed to be correct for several years until shown to be flawed, to industrial applications, such as a widely used programming language, which was found to have type flaws leading to security holes, and the recently announced security holes in the major Internet browsers. Many of these could conceivably have been prevented by the use of a careful formal design and analysis.
Why Formal Methods?
The detection and the prevention of bugs is indeed one of the main motivations for using formal methods and related approaches, and the specification of a system is an indispensable analysis tool, which may help in discovering many design errors. Furthermore, if the specification is given in an executable language, it is also possible to simulate the execution of the system, making it easy to verify properties (early prototyping). Typically, other motivations for the use of formal specifications include the need for expressing user requirements unambiguously, and for producing a reference guide for the implementor of the real system during the various development phases. Eventually, the system will be certified to be free of bugs.
Formal methods are, however, not always easily applicable to security. Lack of theoretical formalisation of the basic aspects of the subject matter (e.g., absence of widely accepted definitions) makes it difficult to use formal methods and related approaches. So, research in recent years has mainly focused on specific aspects (e.g., attacks on security protocols) that have been more clearly understood.
The vitality of research in foundations of security has propelled researchers to seek better ways to exchange and disseminate research results. Recently, there has been a proliferation of meetings devoted to this subject.
A New Working Group
With these considerations in mind, there has been some recent discussion among researchers about the possibility of forming an organization to further the research and development of foundations of security. We feel that WG1.7, under the auspices of IFIP, is ideal for this purpose. This WG will provide an informal forum for researchers to freely exchange ideas and preliminary research results and to discuss and debate which directions and applications are most worth pursuing. Furthermore, the WG Web site will serve as a repository, which may include links to different research groups, noncommercial software packages, and a list of open problems, posted by the members as challenges to the community. We hope that the WG will result in better research coordination, the forming of new research collaborations, and the creation of a new horizon in security research and applications.
Following are the Aims and Scope of the new WG:
* secretary of TC1
New IFIP Working Group (WG13.5) Formed
by Prof. Chris Johnson (GB)*
Recent accidents in a range of industries have increased concern over the management and control of safety-critical systems. Although we have developed techniques to cope with failures in individual components, it has proven far more difficult to predict and prevent accidents that are caused by an interaction between component failure, system-level complexity and human-machine intervention.
There are two reasons why it is important for researchers in human-computer interaction (HCI) to become involved in the development and operation of safety-critical systems:
There are a number of lesser reasons why the field of HCI ought to offer more direct support to the development and operation of safety-critical, interactive systems. Not the least of these is that both governmental and commercial organisations are appealing to research institutions to provide advice and guidance in this area. With more and more accidents being blamed on "operator error," the organisations are being urged by public pressure to treat these topics seriously. As a result, there are numerous national initiatives in this area but little international integration. This creates considerable problems for the dissemination of research results and for the coordination of research activities. Further problems arise because many initiatives relate to specific industries, and research on one industry is not known in the other. For instance, the findings of research into nuclear safety rarely reach interface designers within major aircraft manufacturers. This is significant because many interaction problems cross industry divisions.
All of these problems will be addressed by the new IFIP Working Group on Human Error, Safety, and System Development, which was approved by the Technical Assembly last September in Budapest. The Aims and Scope follow:
WG13.5 on Human Error, Safety, and System Development
* WG13.5 chair
by Prof. Vincent Cordonnier (FR)*
In 1991, I proposed to the IFIP General Assembly the creation of a group to study smart-card technology and applications and to organize scientific events on smart cards, with the IFIP label. A working conference was held in 1993, and a series of biennial "CARDIS" (CARD Information Systems) conferences was inaugurated in 1994. The attendance at the most recent one, in Belgium last year, was 100. The group has evolved from a Task Force to a Specialist Group to a Working Group (WG8.8) under the aegis of the Technical Committee on Information Systems (TC8). We present here the major themes of the WG.
Architecture: For many reasons, the chips that are embedded in smart cards present original features, including the following: special-purpose microprocessors, cryptographic and possibly biometric co-processors, security features, devices for tamper resistance, memory management for the RAM, the ROM and the EEPROM or flash memory, and communication devices including contactless cards.
Operating system: Many of the presently available cards do not draw a clear line between the operating system and the application software. It is likely that future cards will require well-identified operating systems. The first reason is standardization and inter-operability. Another reason is the requirement for the card issuers to be independent from manufacturers. The trend toward multiapplication cards will force the operating system to be designed before any application is imported.
Application software: The software of an application is responsible for organizing an appropriate data management and an efficient security scheme that can take into account the specific requirements of the application. That part of the software is also responsible for providing the set of primitives that allows the card to be personalized by including information related to the bearer: PIN code, biometrics, individual profile, privileges, etc.
Integration of smart cards as components of information systems: A set of smart cards for a given application may be seen as a widely distributed data base or as a large network with dynamic connection. In many circumstances, the decision to store data either in the card or somewhere else in the information system is not simple and relies on a specific methodology of application design. Furthermore, the development of networks leads to new requirements in security. The card looks like the best tool for including individual profiles, personal data and requirements in a distributed system.
Security: Security appears as a major argument for choosing this technology. It has to be studied from many different points of view: tamper resistance, protection of data, and privileges management when more than one sort of service is provided. Security is also mandatory for communication between the card and the information system. Many well-identified techniques such as authentication and signature encryption will apply in the smart card area.
Application design: As smart cards are used for an increasing number of applications, application designers clearly need a methodology. This theme will also include application management and dynamic application loading.
Smart cards and society: So far, this theme has not been discussed, either in the WG or in its conferences. However, it could represent an interesting area, as the card looks like a new and widely distributed tool for accessing a large spectrum of distributed services.
It is quite evident that these aims and goals cover a wide spectrum of techniques, so many of the activities of WG8.8 will be organized in conjunction with other groups in IFIP. For further information, one may contact the WG chair:
Vincent Cordonnier
Université de Lille (France)
e-mail: vincent.cordonnier@univ-lille1.fr