Willem G. Vree

Trust metrics for survivable security systems

Critical information infrastructures contain specific nodes that provide security services; those are called security or trust centres. The goal of this paper is to find algorithms for enabling trust centres to become sustainable by sharing (superfluous) their security resources. The first algorithm indicates the number of segments the total distrusted infrastructure has to be split in to result in many smaller trusted groups. The second type of algorithms is meant to enable the autonomous trust valuation by the nodes. The third type of algorithm comprehends the creation of and the distribution of security assets to other resources.

New perspectives on inverse infrastructures

This paper explores the emergence and characteristics of what Vree [1] has called inverse infrastructures--a category of user-driven, self-organizing infrastructures, primarily characterized by bottom-up development and decentralized control. They are ‘inverse’ in respect to the large-scale centralized infrastructures dominant today. Drawing from ICT cases, it identifies, characterizes and examines the uniqueness of inverse infrastructures. It argues that inverse characteristics are not unique to the field of ICT; they are recognizable in other sectors as well. Moreover, despite similarities to the initial emergence of large-scale technical systems (LTSs) in past centuries, the ICT cases discussed have distinct inverse features. We conclude that the characteristics of inverse infrastructures and their novelty must be understood within the historical context of their recent emergence. Their significance for and potential impact on different infrastructure sectors is high. Therefore, the lack of policy awareness about models of infrastructure development other than the dominant LTS-based model is disconcerting.

Emergent information security in critical infrastructures

The growing tendency to inter-weaving infrastructures makes them more complex, less manageable, and more vulnerable to random system failures. Several information systems are usually added to manage and control such infrastructures. However, in this internet era these information infrastructures have increasingly become the targets of sophisticated (denial of service) attacks, which cause random failures. Common technologies designed to improve the resilience of critical nodes in such information infrastructures are based on costly, dedicated, and limited redundant hardware systems. This paper explores the possibility to apply self-organisation and resource sharing techniques between the security nodes to increase the infrastructure resilience. It is possible then to achieve perpetual availability without dedicated redundant systems.

Virtual Trust in Distributed Systems

This paper raises two problems of trusted services in distributed organizations. First, on a global scale trust becomes a hard issue to solve for many multinationals since there is no such thing as a global PKI, although many efforts try to overcome this gap. We propose an alternative non-institutionalized trust model to overcome this global trust dilemma. Second, trust prohibits real-time concurrent replication of the trusted service on redundants to increase dependability. We argue why the fuzzy concept trust does not permit replication techniques and propose an indirect approach to trust by indicators.

Building a distributed security defence system

Given the complexity of infrastructures, current state of security technology and the limited budgets any security defense systems can be outnumbered by a sufficient number of random sequential failures, e.g. due to multiple DOS attacks. Complementary to the regular solutions where per node several identical dedicated nodes are added (i.e. redundants), a resource sharing approach between undedicated nodes is aimed to build a large scale cluster of redundants and approximate perpetual availability of security distributing nodes. In this work principles are acquired from related and unrelated fields to build a distributed defense system (DDS) that relies on resource sharing. The proposed protocol set, called Medusa, achieves this DDS by dissociating trust authority from identity and hardware, making trust a moveable emancipated commodity. As a moveable object trust can apply traditional fault tolerance techniques by process migration.

Balancing in organizations: applying complex adaptive systems' patterns to organizational architecture

Important characteristics of an organisation, such as the balance between standardisation and innovation, or between top down governance and bottom up freedom of initiative, cannot be maintained by explicit directives, but have to be maintained by means of balancing. The optimum level for such characteristics is dynamic and situation dependent. This level can only be determined as a dynamic equilibrium of counteracting forces (balancing). Complex adaptive systems theory studies this kind of dynamic equilibrium states. The characteristics that need balancing are often of vital importance to an organisation and should be taken into account in organizational architecting. Architecture is a very common instrument nowadays in many organisations. Yet current architecture methods spend no attention to balancing problems, with only very few exceptions. This work argues that balancing should be addressed in organizational architectures and indicates how this can be done, using complex adaptive systems as a theoretical framework.

The paradox between complexity and reliability of computer infrastructures

Whereas complexity is usually perceived as a negative factor opposing safety of critical infrastructures, in this paper we claim that complexity can be positively exploited to relax safety. For this purpose, we consider an infrastructure as a complex adaptive system (CAS). To ground our claim three case studies will be conducted on critical computer infrastructures. In the first case study, a large trusted computer network relapses after a disaster or attack into an anarchistic hardly trusted network. In the second case, critical nodes in a large trusted computer network suffer from Denial of Service attacks. In the third case the Internet is suffering from ISP routing oligopolies. In all the cases we will show how CAS resolves the problems.