FLASH INFORMATIQUE FI



ISIS - EPFL’s newly launched center for interdisciplinary studies in information security




Arjen LENSTRA


This note describes the background, vision, and plans of EPFL’s recently launched interdisciplinary center for information security.

The lack of information security is a pervasive problem. Everyone who uses the Internet or whose personal data are stored electronically is affected : ordinary users, businesses, governments, just about everything. The costs involved -to prevent and to cover losses- are staggering. Software is constantly patched and new layers of software, requiring more patches, are continually wrapped around existing ones in an attempt to ?x vulnerabilities and mitigate threats. The return on investment of new security measures is becoming questionable. How long before this mushrooming software approach will become economically unsustainable ?

The problem is that achieving information security is still mostly regarded as a technical issue that can be solved by the same experts that built the new communications infrastructure. However, it is slowly beginning to dawn upon us that the Internet is not different from other technical developments that are in the process of being incorporated in society. At a given point when a technology matures, its development is no longer guided by technical advances or their inventors but by ordinary societal concerns, such as human and psychological issues, business and economic considerations, risk assessments, and legislative and regulatory constraints. Identifying and eliminating economic incentives of information insecurity, rooting out irresponsible and criminal Internet behavior through education and enforcement of adequate policies and legislation should complement technical measures, and may ultimately prove to be more effective.

EPFL’s newly launched information security center recognizes this interdisciplinary aspect of information security. It aims to combine EPFL’s established technical strengths with less technical disciplines that are not traditionally taught or studied in the EPFL environment, but that are essential to get a grip on the information security problem. Collaboration with other schools and universities with the required complementary expertise will be actively pursued.
The center will have strongly interacting educational and research components. On the short term there will be a focus on demand-driven continuing education courses on information security related subjects taught by both external specialists, quali ?ed industrial partners, and EPFL faculty, in collaboration with EPFLs’ School of Continuing Education. A week long course on Security Essentials was given last June, courses on Cyber Risk and Biometrics will take place this coming September and October. Research will focus on projects that combine academic substance with industrial relevance. So far two such projects have been identi ?ed and will be carried out : a comparative study of existing cyber risk approaches combined with development of a practical cyber risk model that allows meaningful risk assessment, quanti ?cation, and aggregation, and a project that integrates security requirements (such as side-channel attack resistance) in the design of embedded systems. Depending on strong enough industrial support and buy-in more similar projects will be sought in the future, with the explicit awareness that many solutions may be of a more societal than technical nature.
Long term educational plans include a Master of Sciences specialization in information security. Graduates of this prospective MS program should combine technical savvy with a thorough appreciation and proper understanding of the myriad of non-technical aspects of information security. As a result they should be able to effectively take on high level information security responsibilities without the current long lead-in times, or to engage in research that could actually solve current information security problems as opposed to compounding them.

Ultimately, the center should evolve into an international center of gravity for education and research in information security, where innovative effective ideas are developed, studied, taught, and, if relevant, brought to the market. Given EPFL’s reputation for excellence it should be possible to attract not only the leading specialists and top-notch students but also the funding required to realize the center’s vision. The bene ?ts to EPFL, the entire region and, more importantly, to a more mature way of addressing information security can be substantial.



Cherchez ...

- dans tous les Flash informatique
(entre 1986 et 2001: seulement sur les titres et auteurs)
- par mot-clé

Avertissement

Cette page est un article d'une publication de l'EPFL.
Le contenu et certains liens ne sont peut-être plus d'actualité.

Responsabilité

Les articles n'engagent que leurs auteurs, sauf ceux qui concernent de façon évidente des prestations officielles (sous la responsabilité du DIT ou d'autres entités). Toute reproduction, même partielle, n'est autorisée qu'avec l'accord de la rédaction et des auteurs.


Archives sur clé USB

Le Flash informatique ne paraîtra plus. Le dernier numéro est daté de décembre 2013.

Taguage des articles

Depuis 2010, pour aider le lecteur, les articles sont taggués:
  •   tout public
    que vous soyiez utilisateur occasionnel du PC familial, ou bien simplement propriétaire d'un iPhone, lisez l'article marqué tout public, vous y apprendrez plein de choses qui vous permettront de mieux appréhender ces technologies qui envahissent votre quotidien
  •   public averti
    l'article parle de concepts techniques, mais à la portée de toute personne intéressée par les dessous des nouvelles technologies
  •   expert
    le sujet abordé n'intéresse que peu de lecteurs, mais ceux-là seront ravis d'approfondir un thème, d'en savoir plus sur un nouveau langage.