the pandora security model - alessandro confetti
TRANSCRIPT
1
THE PANDORASECURITY MODEL
Alessandro Confetti
24-FEB-2017
Il vaso di Pandora, 2011 by Paride Cevolani
What is the purpose of a security
model?
2Alessandro Confetti - The Pandora Security Model
33
photo by S. DocChewbacca, CC BY-SA 2.0 Alessandro Confetti - The Pandora Security Model
THE OLD PIRATESECURITY MODEL
Do we know our treasure?
4Alessandro Confetti - The Pandora Security Model
Culture & Knowledge
5
the world of booksWRITTEN TRADITION
the power of hyperlinksDIGITAL TRADITION
the magic of voiceORAL TRADITION
Alessandro Confetti - The Pandora Security Model
Digital Tradition
GOOD NEWS
There never was in all of human history a more thriving and widespread
production and consumption of culture and knowledge.
BAD NEWS
There never was in all of human history an easier way of destroying
culture and knowledge: just cut a cable, or switch off the power
6Alessandro Confetti - The Pandora Security Model
The 5 Paradoxes of Digital Content
7
1centralized data silos
Available everywhere but stored in very few
places
2permanent &
distributed web
Easy to find only if
it remains in the same
place
3metadata &
semantic web
Easy to search
but hard to catalog
4digital rights management
Cheap to duplicate but costly
to attribute
5sw & hw
obsolescence
Storage & access are both encoded
Alessandro Confetti - The Pandora Security Model
Pandora’s goalPROTECT THE ACCESS AND PRESERVE BOTH THE CONTENTS AND THE LINKS
1st
8Alessandro Confetti - The Pandora Security Model
How many storage vaults?
9Alessandro Confetti - The Pandora Security Model
1010
illustration by ecay
THE FORTY THIEVES STORAGE MODEL
Alessandro Confetti - The Pandora Security Model
Pandora Linked Jars
11
1 3
2 4
SECRET Data to be destroyed
ofter our death
PROTECTED Data we want
to share with someone
PRIVATE Data we don’t want
to share as long we are alive
PUBLIC Data we want
to share with everyone
3
FICTIONAL Data we want
to share with everyone
3
ANONYMOUS Data we want
to share with everyone but not be traced
Alessandro Confetti The Pandora Security Model
Pandora’s goalONCE DATA IS MOVED FROM A LOWER LEVEL JAR, IT CAN’T GO BACK
2th
12Alessandro Confetti - The Pandora Security Model
Useful Links
13
Distributed and Permanent Web The Inventors of the Internet Are Trying to Build a Truly Permanent Web
Decentralized Web Summit
Evolving terminology with evolved technology: decentralized versus distributed
Solid - Re-decentralizing the web
p2p & distributed file system projects: IPFS, SWARM
01
02
03
04
05
Alessandro Confetti - The Pandora Security Model
About the right to be forgotten European’s Commission factsheet
Vint Cerf – A Web that Archives Itself
01
02
Authentication Strategies
14
i.e passwords, personal questions
what you know
i.e smartcards, tokens, keys, smartphones
what you own
i.e biometric infowho you are
Alessandro Confetti - The Pandora Security Model
How many digital
identities?
15Alessandro Confetti - The Pandora Security Model
1616
This image is a part of "Creation of Adam" by Michelangelo Alessandro Confetti - The Pandora Security Model
THE MONOTHEISTIC DIGITAL IDENTITY MODEL
Pandora’s goalUSE AT LEAST AS MANY IDENTITIES AS YOUR JARS
3rd
17Alessandro Confetti - The Pandora Security Model
Multiple Linked Identities
18
PRIVATE IDENTITIES
SECRET IDENTITIES
FICTIONAL IDENTITIES
PUBLIC IDENTITIESHUMAN BEINGS
PROTECTED IDENTITIES
ANONYMOUS IDENTITIES
A.I.(s)
Alessandro Confetti - The Pandora Security Model
Pandora’s goalENCOURAGE MULTIPLE IDENTITIES
4nd
19Alessandro Confetti - The Pandora Security Model
Useful Links
20
Digital Identity for Indian Government’s Aadhaar project
see Wired or Harvard Business School articles
for Italian Government’s initiatives see SPID and ANPR
for China citizens’ rating system see Pagina99 article
for blockchain Identity Management see NameCoin and OneName
01
02
03
04
Alessandro Confetti - The Pandora Security Model
Copyrights Leaked European Commission Copyright Plans
Ignore the Public Interest
Upload Filtering Mandate Would Shred European Copyright Safe Harbor
What the heck is ancillary copyright and why do we call it the Link Tax?
01
02
03
What’s inside the jar?
21Alessandro Confetti - The Pandora Security Model
2222
photo by Andy Moore, CC BY-NC-ND 2.0
THE VOGON CATALOG SYSTEM
The 4Ws Tags Folksonomy
23
Alessandro Confetti - The Pandora Security Model
01 WHO
03 WHERE
04 WHEN.
02 WHAT
Pandora’s goalSTORE CONTENT AND METADATA TOGETHER
5th
24Alessandro Confetti - The Pandora Security Model
Useful Links
25
Ontologies & Folksonomies Evolving Ontologies from Folksonomies: Tagging as a Complex System
Ontology vs Folksonomy
Five Ws
MP3 & metadata: meet ID3
01
02
03
04
Alessandro Confetti - The Pandora Security Model
Is format important?
26Alessandro Confetti - The Pandora Security Model
2727
photo by Gareth James, CC BY-NC 2.0 Alessandro Confetti - The Pandora Security Model
THE CAVEMAN CONTENT CREATOR PARADIGM
Pandora’s goalALWAYS KEEP THE FORMAT READABLE WITH THE AVAILABLE TOOLS
6th
28Alessandro Confetti - The Pandora Security Model
Useful Links
29
Digital Obsolescence & Preservation When Data Disappears
The Battle Against Digital Obsolescence
Blue Ribbon Task Force on Sustainable Digital Preservation and Access
01
02
03
Alessandro Confetti - The Pandora Security Model
The Pandora Security Model Testbed
30
Content without metadata has no value; ontologies should not be imposed
Content & Metadata
Unreadable content has no value; Open formats and tools are essential
Format is important
stop complaining about the right to forget; fight for the right to be remembered
Published data can’t be forgotten
protect the access and preserve both
the contents and the links
Protect & Preserve
encourage multiple identitiesbut let them be classified; a.i. & bots need an identity
Multiple Digital Identies
link the storage to just one identity
and classify it upon purpose
One jar for each purpose
Alessandro Confetti - The Pandora Security Model
FOLLOW ME ONALESSANDRO CONFETTI
OSLO srl CTO [email protected]
READ ME ON
my blog - imille.org - mediumGET IN TOUCH
THANK YOU!
The Pandora Security Model