Skip to main content

Data Protection, TPM and Grids

This week, the e-Science Institute launched a new research theme which should be of great relevance to industry as well as scientists - in fact, it may even help ordinary consumers to protect our own privacy online. The theme is about "Trust and Security in Virtual Communities". Andrew Martin, the theme leader, explained its aim in a webcast talk.

The problem that Andrew is exploring is how we can trust a grid infrastructure to protect our sensitive data. In addition, how can we trust the results that we get back from running a job on "the computing cloud"?

To give one concrete example, Andrew was involved in the project, which encouraged people to contributed their PC's spare cycles to run climate modelling simulations. This raised several security issues. From the users' point of view, could they trust that the program would not hijack their PC? Conversely, could the scientists trust that the data sets returned were run by their model and not by some hacked (or "improved") version?

Commercial examples are easy to find. Much industrial data is valuable and/or sensitive, which limits the trust that companies have in sharing it with potential collaborators. And in e-health, patients want to be sure that their personal medical records are only seen by relevant people in appropriate situations.

In everyday life, one example arises when we put photos on a web site. We may put them there for family and friends but may want to stop even close relatives from copying and pasting them elsewhere.

In all these cases, we want to attach policy statements to the data that control who may do what with that data. For this to work, the data must then only be viewed by applications that we trust to "do the right thing". This is a hard problem - how can we trust software running on someone else's machine?

Fortunately, the computing industry is developing tools to do some of this work. Central to this is the Trusted Platform Module (TPM), which can uniquely identify hardware. The new eSI theme will look at ways that this technology can benefit scientists, companies and citizens. For more information, take a look at this green paper.


Popular posts from this blog

Presentation: Putting IT all together

This is a presentation I gave to an audience of University staff: 

In this seminar, I invite you to consider what the University’s online services would be like, if we worked together to design them from the perspective of the student or member of staff who will use them, instead of designing them around the organisational units that provide them. I’ll start with how the services might appear to that student or member of staff, then work back from there to show what this implies for how we work, how we manage our data, and how we integrate our IT systems. It might even lead to changes in our organisational structure.

Our online services make a vital and valued contribution to the work of our students and staff. I argue that with better integration, more consistent user interfaces, and shared data, this contribution could be significantly enhanced.

This practice is called “Enterprise Architecture”. I’ll describe how it consults multiple organisational units and defines a framework …

Not so simple...

A common approach to explaining the benefits of Enterprise Architecture is to draw two diagrams: one that shows a complicated mess of interconnections, and one that shows a nicely layered set of blocks. Something like this one, which came from some consultants:

I've never felt entirely happy with this approach.  Yes, we do want to remove as much of the needless complexity and ad-hoc design that litters the existing architecture.  Yes, we do want to simplify the architecture and make it more consistent and intelligible.  But the simplicity of the block diagram shown here is unobtainable in the vast majority of real enterprises.  We have a mixture of in-house development and different third-party systems, some hosted in-house, some on cloud infrastructure and some accessed as software-as-a-service.  For all the talk of standards, vendors use different authentication systems, different integration systems, and different user interfaces.

So the simple block diagram is, basically, a l…

2016 has been a good year

So much has happened over the last year with our Enterprise Architecture practice that it's hard to write a succinct summary.  For my day-to-day experience as enterprise architect, the biggest change is that I now have a team to work with.  This time last year, I was in the middle of a 12-month secondment to create the EA practice, working mainly on my own.  Now my post has been made permanent and I have recruited two members of staff to help meet the University's architectural needs.

I have spent a lot of the year meeting people, listening to their concerns and explaining how architecture can help them.  This communication remains vital, the absolute core of what we do and we will continue to meet people in this way.  We also talk to people in other Universities in order to learn from what they are doing and to share our own experience back.  A highlight in this regard was my trip to the USA last January.

Our biggest deliverable for the past year was the design of the data wa…