This week, the e-Science Institute launched a new research theme which should be of great relevance to industry as well as scientists - in fact, it may even help ordinary consumers to protect our own privacy online. The theme is about "Trust and Security in Virtual Communities". Andrew Martin, the theme leader, explained its aim in a webcast talk.
The problem that Andrew is exploring is how we can trust a grid infrastructure to protect our sensitive data. In addition, how can we trust the results that we get back from running a job on "the computing cloud"?
To give one concrete example, Andrew was involved in the climateprediction.net project, which encouraged people to contributed their PC's spare cycles to run climate modelling simulations. This raised several security issues. From the users' point of view, could they trust that the climateprediction.net program would not hijack their PC? Conversely, could the scientists trust that the data sets returned were run by their model and not by some hacked (or "improved") version?
Commercial examples are easy to find. Much industrial data is valuable and/or sensitive, which limits the trust that companies have in sharing it with potential collaborators. And in e-health, patients want to be sure that their personal medical records are only seen by relevant people in appropriate situations.
In everyday life, one example arises when we put photos on a web site. We may put them there for family and friends but may want to stop even close relatives from copying and pasting them elsewhere.
In all these cases, we want to attach policy statements to the data that control who may do what with that data. For this to work, the data must then only be viewed by applications that we trust to "do the right thing". This is a hard problem - how can we trust software running on someone else's machine?
Fortunately, the computing industry is developing tools to do some of this work. Central to this is the Trusted Platform Module (TPM), which can uniquely identify hardware. The new eSI theme will look at ways that this technology can benefit scientists, companies and citizens. For more information, take a look at this green paper.
The problem that Andrew is exploring is how we can trust a grid infrastructure to protect our sensitive data. In addition, how can we trust the results that we get back from running a job on "the computing cloud"?
To give one concrete example, Andrew was involved in the climateprediction.net project, which encouraged people to contributed their PC's spare cycles to run climate modelling simulations. This raised several security issues. From the users' point of view, could they trust that the climateprediction.net program would not hijack their PC? Conversely, could the scientists trust that the data sets returned were run by their model and not by some hacked (or "improved") version?
Commercial examples are easy to find. Much industrial data is valuable and/or sensitive, which limits the trust that companies have in sharing it with potential collaborators. And in e-health, patients want to be sure that their personal medical records are only seen by relevant people in appropriate situations.
In everyday life, one example arises when we put photos on a web site. We may put them there for family and friends but may want to stop even close relatives from copying and pasting them elsewhere.
In all these cases, we want to attach policy statements to the data that control who may do what with that data. For this to work, the data must then only be viewed by applications that we trust to "do the right thing". This is a hard problem - how can we trust software running on someone else's machine?
Fortunately, the computing industry is developing tools to do some of this work. Central to this is the Trusted Platform Module (TPM), which can uniquely identify hardware. The new eSI theme will look at ways that this technology can benefit scientists, companies and citizens. For more information, take a look at this green paper.
Comments