Research and Advances: Architecture and Hardware

Privacy and security in highly dynamic systems

Introduction


The IT community is accustomed to looking at the evolution of computers referring to the "laws" and "theories" of Moore and Bell. However, in the age of ad hoc and spontaneous networking and miniaturization, additional non-hardware-based dimensions may help to influence our conceptions of future developments in computing.

The theory of computer-class formation from 1975 by Bell, which is based on Moore's Law, asserts that computer evolution follows a cycle in which the presiding dominant class is characterized by performance improvements and stable prices. A new class begins to form when the cost of a given function can be steadily reduced. Under this scenario, the conditions for a new computing class are reached approximately once every decade. Bell's theory accounted for the emergence of minicomputers in the 1970s, which at a cost of approximately $100,000 were significantly less expensive than the $1 million mainframes of the era. The minicomputers were superseded by $1,000 PCs, followed by the several-dollar digital handheld, and then by even smaller ubiquitous devices, some of which cost just a few cents.

Despite this progress, there has been no revolution. Computers are more or less the same. First, there is no discontinuity in the technology. Second, only the cooperation of low-cost computers, advanced interfaces to the physical world, and increased and affordable bandwidth define how useful computers are for processing, storing, and communicating information. The mainframe and the PC eras are characterized by different hardware and software, a different style of use, and new applications. Future computing will take place in "mixed-mode systems" consisting of heterogeneous, decentralized nodes in wireless networks. The devices differ in size, storage capacity, connectivity, mobility, processing power, and user interfaces. The applications are service-oriented and distributed. We already interact today with mixed-mode systems in health services, traffic control, entertainment, and retail. Promising experiments are being carried out at the Metro Future Store, in Germany’s public health service, and in business initiatives toward better customer relationships. While mixed-mode systems along with Weiser’s ubiquitous computing stress the technical aspect, the success factor of highly dynamic systems (HDS) will be non-technically motivated and will be found in the properties to dynamically handle openness and adapt to changes:

  • Dynamic Handling of Openness: HDS are not specified for a given task and limited space. They experience a continuous extension.
  • Dynamic Adaptation to Changes: Interaction with HDS is not prespecified and the usage is determined during utilization.

The way HDS are already used raises a number of trustworthiness issues, particularly with regard to privacy and security. Security is often equated with access control, which consists of authentication and authorization and is realized in such a way that unauthorized operations are identified in advance and subsequently forbidden [1]. Any predefined access rights contradict the openness and adaptation properties of HDS. Privacy is the possibility to control the distribution and use of personal data. All existing privacy technologies are built on security technologies and are therefore only effective in a predefined setting.

The articles in this special section offer in-depth insights into some of the challenges involved in realizing security and privacy in HDS. Sackmann, Strüker, and Accorsi discuss experiences and options regarding the pursuit of privacy in a setting analogous to the "Extra Future Store" of the Metro Group in Germany. They propose a privacy solution that is not based on access control, but unconditionally accepts any form of data collection and provides the possibility to verify the usage of this data. Obscurity, as the present approach for privacy, is now replaced by ex post transparency. Their concept of privacy evidence obliges a store, for example, to notify customers about the collected personal data and inform them of the purpose for which it has been used. The focus changes from prevention to detection of misuse.

Pretschner, Hilty, and Basin retain access control and extend data protection by considering not only data of the past, but also data of the present. Privacy policies in HDS should encompass not only provisions that regulate access to data, but also obligations denoting the commitments to be adhered to during access, and compensations in the event that obligations are violated. Privacy evidence and obligations have data as their object of concern. Recently, however, mobile code has become a serious threat to security and privacy because, until today, programs have been handled as black boxes [2]. It is only possible to determine the actual function of a program by giving it a credential of a trusted third party.

Seshadri et al. describe an approach to externally verify code. An outside verifier can guarantee the correct invocation and untampered execution of any program or device. As a result, malware need not present a danger to the dependability of systems, which contributes to adaptability in changing environments.

Access control, privacy technologies, and secure protocols depend on cryptographic primitives that remain secure for the whole time span of their deployment. The validity of digital signatures and the protection of digital documents, for example, university diplomas, must often last for many decades. In addition, cryptographic algorithms require a minimum of resources for their execution, which may not be available in some devices. Buchmann, May, and Vollmer address this problem and show that today's security mechanisms generate results that can be successfully corrupted within a short period of time.

Subirana and Bain conclude the section by returning the focus to the retail business realm. They claim that most online activities are illegal and will backfire once customers observe infringements of their rights. "Legal Programming" is a process-oriented approach to complying with legal and technical conditions. While this is not yet a technique, it points to an interesting direction for balancing the power of shopper and shop-owner.

Given the scope of the topic, this group of articles on privacy and security issues of highly dynamic systems does not cover the entire spectrum of the section title. There are other relevant aspects, and there is so far no completely satisfying technical solution for any of them. It is hoped, however, that advances in this area will be inspired by the material presented here.


[1] G. Müller, Ed. Emerging Trends in Information and Communication Security. Volume 3995 of Lecture Notes in Computer Science. Springer-Verlag, 2006.

[2] Recovery-Oriented Computing; roc.cs.berkeley.edu/.
