syssec_red_book

14. Grand Challenges14.3 Provide Private Moments in Public PlacesEnable users to have private communication in the public areas of the cyberspace.Consider the following analogy: The fact that people are havingdinner in a public restaurant does not mean that their conversation could berecorded by the manager of the restaurant, and later made available withouttheir explicit consent. Similarly, the fact that people are communicating in thecyberspace does not imply that parts of their communication can be recordedand used later through means outside their control. We propose to developmechanisms that will enable people to have a reasonable expectation of privacyin what can be considered a public venue in the cyberspace.14.4 Develop Compromise-Tolerant SystemsProvide adequate security levels even if components of the system have beencompromised. It is reasonable to expect that not all attacks will be detectedand successfully mitigated. Human errors, software errors, hardware errors,and insufficient protection mechanisms will allow some attacks to go throughsuccessfully. This implies that some systems, or components of systems willbe compromised, and this may go undetected for a long period of time. Givensuch an environment, we should develop systems that will be able to providedecent security guarantees even if some of their components are compromised.Should a bank’s accounts be allowed to empty because a teller’s computer hasbeen compromised? Should a cloud provider’s password file be out in theopen because an employee’s account has been compromised? Should a user’sprivate life be out in the open because a friend’s account in a social networkhas been compromised?How shall we design systems that will be able to provide decent levels ofprivacy and security given that some of their components have been compromised?104