Using High Assurance Components to Improve the Directed Use of Human Expertise
- When?
- Wednesday 2 December 2009, 16:30 to 17:30
- Where?
- 39 BB 02
- Open to:
- Staff, Students
- Speaker:
- Peter Davies, Technical Director, Thales e-Security
Information Assurance solutions are usually made up of a variety of techniques which together a level of assurance to the information being used. It is currently beyond the state of the art to automate the identification, understanding and response to developing treat vectors and the operation of Information Assurance solutions over the long term demands very heavy levels of human expertise with all of the associated costs. Part of the issue here is that whereas we as the information assurance community (developers and assessors) do have a rigorous framework for the assessment of quality in certain types of high assurance components these techniques do not exist for large parts of the infrastructure on which assured components are reliant.
This paper will argue that deploying High Assurance components is a more cost effective solution and allows the deployment of scarce expertise to areas where it can have most impact.
Brief Biography: Peter Davies is Technical Director of Thales e-Security. Mr Davies’s career has spanned both commercial and government sectors included the design and development of equipment for the protection of nationally and internationally significant major inter-bank systems example being the CHAPS network in the UK and the CHIPS network in the US.
Mr Davies has been associated with the specification and development of many internationally successful large-scale key-management schemes for both the commercial and government sectors. These schemes have included major contributions to the credit card and mobile phone industries as well as the design, implementation and certification of an Electronic Key Management System currently deployed to over 20 governments worldwide.
Mr Davies has been active both in the UK and US in the development and certification of information assurance equipment at all government grades specialising over the past 10 years in the development and certification of soft loaded cryptographic solutions. This has involved ongoing discussions with the approvals and certification agencies of both banking and government sectors.
Mr Davies’s technical achievements have included the development and shipment of equipment based on early implementations of public key crypto systems as well as more recent work to establish methodologies and technologies to support more flexible security solutions. In this context Mr Davies is currently leading an international effort to establish a grammar and suggested legal framework for defining strength of security mechanisms based on dissimilar technologies.
Over his career Mr Davies has contributed to international standards including those in the X.400 area for messaging, X.500 area for certificates and more recently has been a contributor to the ANSI X.9 standards.
Mr Davies has been a frequent speaker at conferences and contributor to journals concerned with Protection of Critical National Infrastructures, Law Enforcement and Commercial security. He has presented papers covering the paradigm shift in security models that must accompany a more connected and less controlled environment advising both commercial and government agencies on strategies and concerns for the protection of a network centric environment.
Mr Davies is currently specialising in solving evolutionary interoperability requirements in information security.