Das Projekt Open Moko hat die Gehäusespezifikation des von ihm entwickelten Handys unter eine Open-Source-Lizenz gestellt. Die CAD-Dateien zum Gehäuse-Design der Mobiltelefonreihe "Neo" wurden unter einer "Creative Commons Share Alike"-Lizenz veröffentlicht. Damit kann jeder neben der Linux-Software auch das Design der Open-Moko-Geräte einsehen und modifizieren.
Die CAD-Dateien der Gehäuse sind sowohl für das - für Entwickler - bereits erhältliche "Neo 1973" als auch für das bislang nur angekündigte Modell "Neo Freerunner" verfügbar. Mit der Veröffentlichung will Open Moko nach eigenen Angaben mehr als nur kosmetische Änderungen ermöglichen: Das Unternehmen hofft, dass Gehäuse-Designs als echte Einzelstücke gefertigt werden.
Open Moko konkurriert mit von der Öffentlichkeit bisher stärker beachteten mobilen Linux-Konzepten wie Google Android und der Limo-Plattform. Die Freigabe der Design-Details verschafft Open Moko allerdings ein vorläufig einmaliges Feature.
Dr. Michael Lauer, Vanille-Media
Michael Lauer ist IT-Freelancer und FOSS Enthusiast. Er ist spezialisiert auf Plattformarchitektur und Cross-Layer-Integration Linux-basierter verteilter Umgebungen. Seit Beginn des Projekts arbeitet er für OpenMoko, Inc. in der Entwicklung.
Prof. Christian W. Probst, Technische Uni Dänemark
The ”insider threat” or ”insider threat” has received considerable attention, and is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an ”insider” has information and capabilities not known to other, external attackers. However, the term ”insider threat” is usually either not defined at all, or defined nebulously. The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? Definitions of the insider threat have some common elements. For example, a workshop report defined the problem as malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. Elsewhere, that same report defined an insider as someone with access, privilege, or knowledge of information systems and services. Another report implicitly defined an insider as anyone operating inside the security perimeter.
Who is an Insider?
According to Merriam-Webster’s dictionary, an “insider” is a “member of a group, category, or organization: as . . . a person who is in a position of power or has access to confidential information; or . . . one (as an officer or director) who is in a position to have special knowledge of the affairs or to influence the decisions of a company.” In the context of a threat, this definition means that the insider uses that access, knowledge, or information to do something nefarious. So the insider must be trusted not to violate the confidences entrusted to her. In terms of computer security, the insider is one who has some property that distinguishes her from others. This property requires that the insider be able to take action that would violate the security policy were it done by an untrusted user . The insider is trusted to do so only when appropriate. As an example, consider the proof for get-read satisfying the Bell-LaPadula mode. The “trusted subject” is a subject whose current security level does not dominate that of the object. Were the subject to act nefariously, the ?-property would not hold.
Where will she attack?
On the other hand it is also an open problem, where and how an insider threat or attack might occur. The reason relates to the vague definition of the insider - she has certain rights granted to her by a security policy, so it is hard to distinguish admissible behavior from non-admissible behavior.
How do we deal with this?
If we already have those big problems in defining, what an insider and the potential threat he poses are, then it does not come as a surprise that dealing with the insider problem, as well as with insider attacks, usually happens on an equally nebulous level. The state-of-the-art solution is still to analyze log-files after the fact, that is after an attack happened. However, at this point in time it is already too late to hinder the attacker, and as a result usually policies are sharpened in order to make another attack less likely.
Goals and Expected Results
The goal of the proposed Dagstuhl seminar is to bring together researchers and practitioners from disparate fields and perspectives who share a common focus on areas connected to the problem of insider threats. These areas include computer security in general, security policies, modeling and analysis of systems, incentive and risk management protocols, federal security agencies, CERTs and similar institutions. While there has been considerable interest in the insider threat problem, there are at least two major problems in the current state of research. First, the community of interest in insider threats is fragmented, with the consequence that there is a considerable risk in repeating work that has already been done in other formats. One facet of this challenge is national fragmentation - for example, little work in the US on the insider threat references or incorporates work done in other countries - in part perhaps because of the predominance of national security communities in US based work. The second challenge is that, while all parts of the insider threat problem demand much more research, in particular, very little progress has been made to date in developing specific actionable policies that fuse current and reasonably expected technological solutions with our evolving understanding of insider threat behavior. Even less progress has been made in means of evaluating the prospective effectiveness of proposed solutions.