Making Security Manifest Security and Autonomy for End Users
Allan A. Friedman
Harvard University - Harvard Kennedy School (HKS)
L. Jean Camp
Indiana University Bloomington - School of Informatics
September 1, 2003
With the increased concern over national security there has been increased debate over reliability and security of communications and computer systems. (Bush, 2001). One element of this effort has been on the need for reliable data on computer security risks and incidents. Information is necessary for a functioning market, and transparency (requiring information) is necessary for functional governance.
Despite the consensus on the need for better information, there is a significant divergence about the nature and distribution of security information. Security infrastructures can be mechanisms of user control (Anderson, 2003) or mechanisms to empower the user (Clark and Blumenthal, 2000).
End user security is critical. Distributed denial of service attacks illustrate how the capacity to create zombies (machines under the control of a malicious external agent) at many small nodes creates risks for the largest and most hardened targets.
Proposals to address failures in the market for computer security include the establishment of a liability regime for computer security, insurance markets for security risks or even creating tradable permits (Camp & Wolfram, 2000). Yet the solutions assume that the end user will be able to avail themselves of the legal or commercial mechanisms for security with little or no cost.
For security to function at the end points, there must be reliable data for the end user. Such data must be communicated clearly and there must be feasible mechanisms for the end user to respond to security breaches. In this work we illustrate that all the necessary technical components exist. What is needed is a vision and a national commitment to integrate the components. Developing the system that enables Internet users to protect themselves is a more powerful, more democratic and more resilient system for protecting our national information assets.
Number of Pages in PDF File: 9Accepted Paper Series
Date posted: May 22, 2012
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo5 in 0.609 seconds