Socio-economy & New Tech

    Cyber Security

    Data Privacy & Ethics

AXA Chairs

Switzerland

A Holistic Approach to Data Security: Facing New Risks with Big Data and the Cloud

The fruits of computer scientists’ labor are so fundamental to our personal and professional activities that we can scarcely imagine life without them. At the same time, the heights attained by the field, including cloud computing and Big Data, now force us to look hard at the risks they bring and find new approaches to ensuring our data security. Most researchers focus on strengthening one security property, though this may mean neglecting another. Prof. Bryan Ford, however, believes the matter can only be treated holistically, simultaneously addressing the multiple demands users place on data protection systems. He is also sure we need to study this now. While we won’t turn back now from the capabilities of the most advanced computing methods, cyber attacks are growing more sophisticated and the potential for system failures more threatening. With his research program, Prof. Ford aims to identify the most pressing but underexplored risks and to propose new ways of tackling them.

The three main properties of data security are availability (ensuring data is not lost or inaccessible), integrity (not corrupted or maliciously manipulated) and privacy (not disclosed or used improperly). The challenge is to ensure one without violating another. To verify the integrity of data, for example, it must be disclosed, thereby violating users’ privacy. Prof. Ford has already begun addressing this issue by building on small-scale, decentralized systems that are strong on privacy, with system-wide integrity and availability protections built in. The tradeoff had been the low number of users these systems could support, but his previous work on a project called Dissent proved that, using novel techniques, they could be scaled up for at least thousands of users—practical for real-world implementation. Going forward, he will improve on the framework he devised for use in communication systems, but also to build secure tools that preserve privacy for a variety of other important functions, like voting applications, digital archival storage, and the use of crypto-currencies, like bitcoin.


While exciting progress in computer science makes all of the above possible, the growth of cloud computing also introduces new risks—and the well-known ones may be only the tip of the iceberg, Prof. Ford says. It’s not the problems tied directly to your cloud provider, like outages cutting off your access, that worry him, but the second-order risks. These include cloud services that may appear independent, but actually share resources behind the scenes, undermining the safety usually conferred by redundancy in a system. “This could create unexpected and potentially catastrophic failure correlations, reminiscent of financial industry crashes,” Prof. Ford explains. Also requiring urgent attention is the challenge that cloud computing adds to the preservation of digital artifacts. Technology changes rapidly and versions become out of date, putting long-term availability at risk. With cloud-based applications, users are never in possession of a complete, functional copy of the item to store in a repository—think search engines or mapping applications, versus word processing software installed directly on your computer. How, then, can digital archivists file away historically significant cloud artifacts for long-term cultural preservation?


Prof. Ford’s research project will provide, first of all, a much deeper understanding of the questions like this that must be asked in a new era of cloud computing. In response to the risks exposed, he will also design new system architectures capable of facing the problems involved. He aims to develop methods of quantifying the risk of compromised privacy or failure in a system. Then, he’ll create protoypes capable of using this measurement to reconfigure cloud systems at risk. By getting started now, Prof. Ford hopes to understand the risks and devise solutions “before our socioeconomic fabric becomes inextricably dependent on a convenient but potentially unstable computing model,” he says.

Scientific title: AXA Chair in Information Security and Privacy

To add or modify information on this page, please contact us at the following address: community.research@axa.com

Bryan
FORD

Institution

École Polytechnique Fédérale de Lausanne

Country

Switzerland

Nationality

American

ORCID Open Researcher and Contributor ID, a unique and persistent identifier to researchers

Related articles

Socio-economy & New Tech

Cyber Security

Modeling & Pricing

Joint Research Initiative

France

Cyber insurance risks: evaluating the cyber costs of cyber risks

To adequately price a risk – or in other words, to set the premium (the amount to be paid for... Read more

Olivier
LOPEZ

Sorbonne University

Caroline
HILLAIRET

Ensae-ParisTech

Socio-economy & New Tech

Cyber Security

Post-Doctoral Fellowship

Switzerland

Making cyber fraud detection methods quicker and more reliable

Optimal stopping theory: applying probability and statistics to fraud detection "In current methods, the normal card user pattern of expenditures... Read more

Bruno
BUONAGUIDI

Finance Faculty of Economics Università della Svizzera Italiana

Socio-economy & New Tech

Cyber Security

Data Privacy & Ethics

AXA Chair

Singapore

Ensuring data security and privacy protection in the cloud computing environment

Creating an additional security level while keeping the benefits and flexibility of cloud storage "Cloud storage exhibits a paradox as... Read more

Robert
DENG

Singapore Management University