Quality as a prerequisite for security in interoperable systems
Technologies & Applications Spring 2012 Seminar Series
- When: Friday 2 March 2012, 10:00 to 12:00
- Where: 39 BB 02
- Open to: Public, Staff, Students
- Speaker: Peter Davies, Thales e-Security Technical Director
Considerable effort goes into specifying secure and security protocols and the equipment in which these are embodied. In most cases the specification concentrates on positive cases with very little concentration on failure modes.
This talk will concentrate on limitations that are imposed on our ability to make assertions about the security of a system where we are unable to understand the quality of the implementation. It will do so by examining the types of failure that have led to security system failures.
Finally, the talk will examine some of the extant security protocols and show that these provide very little support for identifying and guaranteeing the quality of components networked together in a distributed system.
Biography
Peter Davies is Technical Director of Thales e-Security. Mr Davies’s career has spanned both commercial and government sectors and has included the design and development of equipment for the protection of nationally and internationally significant major inter-bank systems, examples being the CHAPS network in the UK and the CHIPS network in the US.
Mr Davies has been associated with the specification and development of many internationally successful large-scale key-management schemes for both the commercial and government sectors. These schemes have included major contributions to the credit card and mobile phone industries as well as the design, implementation and certification of an Electronic Key Management System currently deployed to over 20 governments worldwide. Mr Davies has been active both in the UK and US in the development and certification of information assurance equipment at all government grades, specialising over the past 10 years in the development and certification of soft-loaded cryptographic solutions. This has involved ongoing discussions with the approvals and certification agencies of both banking and government sectors.
Mr Davies’s technical achievements have included the development and shipment of equipment based on early implementations of public-key cryptosystems as well as more recent work to establish methodologies and technologies to support more flexible security solutions. In this context, Mr Davies is currently leading an international effort to establish a grammar and suggested legal framework for defining strength of security mechanisms based on dissimilar technologies.
Over his career, Mr Davies has contributed to international standards, including those in the X.400 area for messaging and the X.500 area for certificates, and more recently has been a contributor to the ANSI X.9 standards.
Mr Davies has been a frequent speaker at conferences and contributor to journals concerned with Protection of Critical National Infrastructures, Law Enforcement and Commercial security. He has presented papers covering the paradigm shift in security models that must accompany a more connected and less controlled environment, advising both commercial and government agencies on strategies and concerns for the protection of a network-centric environment.
Mr Davies is currently specialising in solving evolutionary interoperability requirements in information security.
